Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
20de0a34 by Salvatore Bonaccorso at 2025-12-31T09:54:00+01:00
Mark sogo as no-dsa for trixie and bookworm
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13182,6 +13182,8 @@ CVE-2025-63681 (open-webui v0.6.33 is vulnerable to
Incorrect Access Control. Th
NOT-FOR-US: open-webui
CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS)
via the ...)
- sogo 5.12.4-1.2 (bug #1121952)
+ [trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
NOTE: Fixed by:
https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi
Gateway F ...)
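Review bot: the reason string on the two added lines for CVE-2025-63499 ("Minor issue, can be fixed via point release") does not say why this XSS is considered minor, and the description above it is cut off at "via the ...", so a reader of the entry cannot reconstruct the triage decision. The entry also links a public repository named for the CVE. Consider adding a short NOTE on what limits the impact. The unstable fix is recorded with bug #1121952 and the upstream commit, so the point-release backport target is already clear.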
@@ -15509,6 +15511,8 @@ CVE-2025-63674 (An issue in Blurams Lumi Security
Camera (A31C) v23.1227.472.292
CVE-2025-63498 (alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS)
via the ...)
{DLA-4386-1}
- sogo 5.12.4-1
+ [trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
NOTE:
https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c
(SOGo-5.12.4)
NOTE: https://github.com/xryptoh/CVE-2025-63498
CVE-2025-62691 (Security Point (Windows) of MaLion and MaLionCloud contains a
stack-ba ...)
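Review bot: CVE-2025-63498 already carries {DLA-4386-1}, so with trixie and bookworm both marked no-dsa here, the LTS release has an advisory while the two stable-side releases wait for a point release. It would help to follow this up with the proposed-updates uploads so the gap stays short. As a style point, the NOTE with the upstream commit in this entry has no "Fixed by:" prefix, unlike the CVE-2025-63499 and CVE-2024-24510 entries in the same patch.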
@@ -155092,6 +155096,7 @@ CVE-2024-27364 (An issue was discovered in Mobile
Processor, Wearable Processor
NOT-FOR-US: Samsung
CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before
5.10.0 allows ...)
- sogo 5.10.0-1
+ [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
[bullseye] - sogo <postponed> (Follow bookworm updates)
NOTE: Fixed by:
https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424
(SOGo-5.10.0)
CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an
immediat ...)
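Review bot: for CVE-2024-24510 only a [bookworm] line is added, while the other two hunks annotate both trixie and bookworm. Please confirm that trixie already ships at least the fixed version 5.10.0-1 and so needs no line. Note also that the existing "[bullseye] - sogo <postponed> (Follow bookworm updates)" now depends on a bookworm point release rather than a DSA, so the bullseye fix will follow whenever that upload happens.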
=====================================
data/dsa-needed.txt
=====================================
@@ -71,8 +71,6 @@ runc
--
smb4k (carnil)
--
-sogo
---
sympa/oldstable
--
tomcat10/oldstable (apo)
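Review bot: dropping "sogo" from dsa-needed.txt is only right if no other open sogo issue still needs a DSA for trixie or bookworm. This patch shows three sogo entries moved to no-dsa (CVE-2025-63499, CVE-2025-63498, CVE-2024-24510), so a quick check of the remaining sogo entries in data/CVE/list before removal would be worthwhile. The "--" separator is removed together with the entry, which keeps the list well-formed.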
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20de0a343167e89abd6d0da18506f3472a1bb207
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits