[Git][security-tracker-team/security-tracker][master] Add CVE-2024-34462/sogo

Sun May 5 11:35:14 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f68571b6 by Salvatore Bonaccorso at 2024-05-05T12:34:45+02:00
Add CVE-2024-34462/sogo

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,8 @@ CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS via user_photo to My Page.)
 CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to discover the PHPSESSION cook ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
-	TODO: check
+	- sogo <unfixed>
+	NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920
 CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...)
 	TODO: check
 CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f68571b61456c3bcb0b498aa38dae2ec4c0bbda1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f68571b61456c3bcb0b498aa38dae2ec4c0bbda1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240505/f8a9182a/attachment.htm>
