Tobias Frost pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8070dbfb by Tobias Frost at 2026-01-06T14:33:23+01:00
CVE-2022-4556/sogo - triaging as ignored/too intrusive for bullseye
Bullseye does not have the required sanitizing code module, it would
required backporting those codeparts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the mean time, will have a complexity
and high risk for regression.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -294972,7 +294972,7 @@ CVE-2022-4557 (Improper Neutralization of Special
Elements used in an SQL Comman
NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and
classified as ...)
- sogo 5.8.0-1
- [bullseye] - sogo <no-dsa> (Minor issue)
+ [bullseye] - sogo <ignored> (fix requires an intrusive backport and
entails a high regression risk)
[buster] - sogo <no-dsa> (Minor issue)
NOTE:
https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e
(SOGo-5.8.0)
CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to
authorization bypa ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8070dbfb57dd6e51b186c7bbffffa37d9c137541
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8070dbfb57dd6e51b186c7bbffffa37d9c137541
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
