Debian Linux Security Advisory 2791-1 - Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client has write access.
663ce20e4298f6b60c0aa736c72f904ed78e769610e2fd1985b52451b2d339bc