File _patchinfo of Package patchinfo.6108
<patchinfo incident="6108">
<issue id="1016817" tracker="bnc">GNU Health update to 3.0.5</issue>
<issue id="1016885" tracker="bnc">CVE-2016-1241: tryton,trytond: password hashes leak to authenticated users</issue>
<issue id="1016886" tracker="bnc">CVE-2016-1242: tryton,trytond: admin user able to access all files on system</issue>
<issue id="2016-1241" tracker="cve"/>
<issue id="2016-1242" tracker="cve"/>
<category>security</category>
<rating>moderate</rating>
<packager>DocB</packager>
<description>
This update provides version 3.0.5 of GNU Health including several fixes and improvements.
- Update to ICD10 version 2016.
- Fix error when printing prescription using review dates.
- Fix error on summary report when no date of birth is assigned to the person.
Additionally the following dependencies have been updated:
tryton:
- Update to 3.8.12.
- Sanitize path in file open. (boo#1016886, CVE-2016-1242)
- Prevent read of user password hash. (boo#1016885, CVE-2016-1241)
trytond:
- Update to 3.8.9.
- Sanitize path in file open. (boo#1016886, CVE-2016-1242)
- Prevent read of user password hash. (boo#1016885, CVE-2016-1241)
trytond_account:
- Update to 3.8.5.
trytond_account_invoice:
- Update to 3.8.4.
trytond_stock:
- Update to 3.8.4.
trytond_stock_lot:
- Update to 3.8.1.
porteus:
- Update to 3.8.5.
</description>
<summary>Security update for GNU Health and it's dependencies</summary>
</patchinfo>