Tobias Frost pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c0ffd6f0 by Tobias Frost at 2026-01-04T20:40:12+01:00
CVE-2024-24510/sogo triaging for bullseye as ignored.
Bullseye does not have the required sanitizing code module, it would
required backporting those codeparts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the mean time, will have a complexity
and high risk for regression.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -157251,7 +157251,7 @@ CVE-2024-27364 (An issue was discovered in Mobile
Processor, Wearable Processor
CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before
5.10.0 allows ...)
- sogo 5.10.0-1
[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
- [bullseye] - sogo <postponed> (Follow bookworm updates)
+ [bullseye] - sogo <ignored> (fix requires an intrusive backport and
entails a high regression risk)
NOTE: Fixed by:
https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424
(SOGo-5.10.0)
CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an
immediat ...)
NOT-FOR-US: ONLYOFFICE Docs
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ffd6f08a95925cb295d24099f6a8910a1b347d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ffd6f08a95925cb295d24099f6a8910a1b347d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
