[Git][security-tracker-team/security-tracker][master] CVE-2024-24510/sogo triaging for bullseye as ignored.

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0ffd6f0 by Tobias Frost at 2026-01-04T20:40:12+01:00
CVE-2024-24510/sogo triaging for bullseye as ignored.

Bullseye does not have the required sanitizing code module, it would
required backporting those codeparts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the mean time, will have a complexity
and high risk for regression.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -157251,7 +157251,7 @@ CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable Processor
 CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows ...)
 	- sogo 5.10.0-1
 	[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
-	[bullseye] - sogo <postponed> (Follow bookworm updates)
+	[bullseye] - sogo <ignored> (fix requires an intrusive backport and entails a high regression risk)
 	NOTE: Fixed by: https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 (SOGo-5.10.0)
 CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediat ...)
 	NOT-FOR-US: ONLYOFFICE Docs



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ffd6f08a95925cb295d24099f6a8910a1b347d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0ffd6f08a95925cb295d24099f6a8910a1b347d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260104/69eaa765/attachment.htm>