[Git][security-tracker-team/security-tracker][master] CVE-2022-4556/sogo - triaging as ignored/too intrusive for bullseye

[Tobias Frost (@tobi)]

Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8070dbfb by Tobias Frost at 2026-01-06T14:33:23+01:00
CVE-2022-4556/sogo - triaging as ignored/too intrusive for bullseye

Bullseye does not have the required sanitizing code module, it would
required backporting those codeparts and all the logic needed to connect it to
the application. Backporting all the required code paths, including some
refactoring that has been done in the mean time, will have a complexity
and high risk for regression.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294972,7 +294972,7 @@ CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
 CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
 	- sogo 5.8.0-1
-	[bullseye] - sogo <no-dsa> (Minor issue)
+	[bullseye] - sogo <ignored> (fix requires an intrusive backport and entails a high regression risk)
 	[buster] - sogo <no-dsa> (Minor issue)
 	NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0)
 CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8070dbfb57dd6e51b186c7bbffffa37d9c137541

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8070dbfb57dd6e51b186c7bbffffa37d9c137541
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260106/f7d50782/attachment.htm>