[Git][security-tracker-team/security-tracker][master] CVE-2022-4558/sogo - triaging as ignored/too intrusive for bullseye

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c27e3e7 by Tobias Frost at 2026-01-06T14:30:01+01:00
CVE-2022-4558/sogo - triaging as ignored/too intrusive for bullseye

Bullseye does not have the required sanitizing code module, it would
required backporting those codeparts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the mean time, will have a complexity
and high risk for regression.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294965,7 +294965,7 @@ CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has
 	NOT-FOR-US: INEX IPX-Manager
 CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been clas ...)
 	- sogo 5.8.0-1
-	[bullseye] - sogo <no-dsa> (Minor issue)
+	[bullseye] - sogo <ignored> (fix requires an intrusive backport and entails a high regression risk)
 	[buster] - sogo <no-dsa> (Minor issue)
 	NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
 CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c27e3e7f836d367bc25affa38fd7d3cc9b43501

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c27e3e7f836d367bc25affa38fd7d3cc9b43501
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260106/4b68da46/attachment.htm>