Updated tryton-server packages has been released for Debian 7 LTS
Package : tryton-server
Version : 2.2.4-1+deb7u4
CVE ID : CVE-2017-0360
It was discovered that there was a path suffix injection attack in
tryton-server, a general purpose application platform.
For Debian 7 "Wheezy", this issue has been fixed in tryton-server version
2.2.4-1+deb7u4.
We recommend that you upgrade your tryton-server packages.