It was found that authenticated malicious user can write arbitrary values in record fields due missed checks of access permissions when multiple records are written. Upstream patch: http://hg.tryton.org/trytond/rev/06230c381593/ Upstream advisory: http://www.tryton.org/posts/security-release-for-issue5167.html
Created trytond tracking bugs for this issue: Affects: fedora-all [bug 1293283] Affects: epel-all [bug 1293284]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.