Debian Security Advisory DSA 2791-1 (tryton-client - missing input sanitization)
Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client...