Tobias Frost pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6c27e3e7 by Tobias Frost at 2026-01-06T14:30:01+01:00
CVE-2022-4558/sogo - triaging as ignored/too intrusive for bullseye
Bullseye does not have the required sanitizing code module, it would
required backporting those codeparts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the mean time, will have a complexity
and high risk for regression.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -294965,7 +294965,7 @@ CVE-2022-4559 (A vulnerability was found in INEX
IPX-Manager up to 6.2.0. It has
NOT-FOR-US: INEX IPX-Manager
CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has
been clas ...)
- sogo 5.8.0-1
- [bullseye] - sogo <no-dsa> (Minor issue)
+ [bullseye] - sogo <ignored> (fix requires an intrusive backport and
entails a high regression risk)
[buster] - sogo <no-dsa> (Minor issue)
NOTE:
https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3
(SOGo-5.8.0)
CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c27e3e7f836d367bc25affa38fd7d3cc9b43501
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c27e3e7f836d367bc25affa38fd7d3cc9b43501
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
