Package: tryton-server / 3.4.0-3+deb8u3

Metadata

Package: tryton-server
Version: 3.4.0-3+deb8u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
01_migrate_obsolete_ldap_connection

trytond/modules/__init__.py | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 migration for obsolete module ldap_connection
 tryton-modules-ldap-connection was merged into
 tryton-modules-ldap-authentication. The server fails to start with a
 missing module, so we remove it from the modules table.
02 CVE 2015 0861_field_access_on_multi_write.patch

trytond/model/modelstorage.py | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 fix for cve-2015-0861 field access on multi write
 Field access was only checked for the field defined in the first 
 values dictionary, but it must be checked for all dictionaries in *args.
03 CVE 2016 1241_prevent_read_of_password_hash.patch

trytond/res/user.py | 8 8 + 0 - 0 !
trytond/tests/test_user.py | 7 7 + 0 - 0 !
2 files changed, 15 insertions(+)

 fix for cve-2016-1241 prevent read of user password hash
 When the password_hash field was added (upstream changeset c9be44cd05e1)
 it didn't receive the same hiding protection as the password field.
 This allows any authenticated user to read the hash of any other user.
04 CVE 2016 1242_sanitize_path_in_file_open.patch

trytond/tools/misc.py | 20 14 + 6 - 0 !
1 file changed, 14 insertions(+), 6 deletions(-)

 fix for cve-2016-1242 sanitize path in file_open
 file_open did not prevent the use of an up-level reference in a file name.
 A forged Report name could be used to open a file outside the root
 directory of trytond.
05_CVE 2017 0360_sanitize_file_open.patch

trytond/tests/test_tools.py | 5 5 + 0 - 0 !
trytond/tools/misc.py | 2 1 + 1 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

 sanitize path in file_open against suffix (cve-2017-0360).
 The patch for CVE-2016-1242 did not cover all cases. Indeed there is a
 case where an external file could be retrieved if it is stored in a folder
 next to the root of trytond starting with the same name but with a suffix.
 Example: '../trytond_suffix'.
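The sibling-directory case described above, as an added example that is not part of this page or of trytond's own code: a plain string-prefix check (an assumed shape, since the page does not show the trytond implementation) rejects '../etc/passwd' yet still accepts '../trytond_suffix/...', and comparing against the root plus a path separator closes that gap. All paths are constructed.

```python
import os

# Constructed root directory standing in for the trytond root the patches protect.
ROOT = "/srv/trytond"

def naive_is_inside(root, name):
    """Prefix check of the kind the CVE-2016-1242 fix is assumed to have used.
    abspath() collapses '..' segments, so '../etc/passwd' is rejected, but any
    sibling directory whose name merely starts with the root's basename passes."""
    root = os.path.abspath(root)
    path = os.path.abspath(os.path.join(root, name))
    return path.startswith(root)

def hardened_is_inside(root, name):
    """Require the candidate to be the root itself or strictly beneath it by
    comparing against root + os.sep. The separator is what defeats
    '../trytond_suffix' (the class of fix CVE-2017-0360 belongs to)."""
    root = os.path.abspath(root)
    path = os.path.abspath(os.path.join(root, name))
    return path == root or path.startswith(root + os.sep)

# Constructed report names covering the legitimate case and both bypass attempts.
CANDIDATES = [
    "report/invoice.odt",        # legitimate file inside the root
    "../etc/passwd",             # classic up-level reference (CVE-2016-1242)
    "../trytond_suffix/secret",  # sibling dir sharing the root's prefix (CVE-2017-0360)
]

def compare_checks(root=ROOT, names=CANDIDATES):
    """Map each name to (naive_result, hardened_result) so the gap is visible."""
    return {n: (naive_is_inside(root, n), hardened_is_inside(root, n)) for n in names}

if __name__ == "__main__":
    for name, (naive, hardened) in compare_checks().items():
        print(f"{name:28s} naive={naive!s:5s} hardened={hardened}")
```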