-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Apr 2024 11:59:53 +0200
Source: tryton-server
Architecture: source
Version: 6.0.29-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Tryton Maintainers
Changed-By: Mathias Behrle
Changes:
 tryton-server (6.0.29-2+deb12u2) bookworm; urgency=medium
 .
   * Add 03_deny_compressed_content_from_unauth_request.patch.
     This patch fixes the vulnerability to zip bomb attacks via decoded
     gzip content from unauthenticated users.
     https://discuss.tryton.org/t/security-release-for-issue-13142/7196
   * Refresh 01_avoid_call_to_pypi.patch.

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle
-----END PGP SIGNATURE-----