[Git][security-tracker-team/security-tracker][master] CVE-2023-48104/sogo - triaging as ignored/too intrusive.

Tobias Frost (@tobi) tobi at debian.org
Sun Jan 4 19:49:30 GMT 2026



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9683fa3c by Tobias Frost at 2026-01-04T20:48:41+01:00
CVE-2023-48104/sogo - triaging as ignored/too intrusive.

Bullseye does not have the required sanitizing code module; it would
require backporting those code parts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the meantime, will have a complexity
and high risk for regression.

(This is the same verdict as CVE-2024-24510 -- they are using the same
code for sanitizing...)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -224322,7 +224322,7 @@ CVE-2023-49106 (Missing Password Field Masking vulnerability in Hitachi Device M
 CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
 	- sogo 5.9.1-1 (bug #1060925)
 	[bookworm] - sogo <no-dsa> (Minor issue)
-	[bullseye] - sogo <postponed> (Minor issue)
+	[bullseye] - sogo <ignored> (fix requires an intrusive backport and entails a high regression risk)
 	[buster] - sogo <ignored> (Minor issue)
 	NOTE: Fixed by: https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 (SOGo-5.9.1)
 CVE-2023-47460 (SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a rem ...)
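Review bot: The new `[bullseye]` line records only the generic reason (intrusive backport, high regression risk); the specifics that justify it are in the commit message alone, namely that bullseye lacks the sanitizing code module and that the verdict matches CVE-2024-24510. Consider adding a `NOTE:` line under this entry stating that the bullseye version does not contain the sanitizing module touched by the upstream fix and cross-referencing CVE-2024-24510, so that someone reading the tracker entry can see why the state moved from `<postponed>` to `<ignored>` without digging through the git history. The neighbouring `[buster]` line keeps `<ignored> (Minor issue)`; if the same missing-module reasoning applies there, aligning the two reasons would make the entry consistent.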



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9683fa3cb21909dc5e3579797fa1711584f40718
