-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jan 2026 17:27:30 +0100
Source: sogo
Binary: sogo-common
Architecture: all
Version: 5.8.0-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Description:
 sogo-common - Scalable groupware server - common files
Closes: 1060925 1071163 1121952
Changes:
 sogo (5.8.0-2+deb12u1) bookworm; urgency=high
 .
   [ Tobias Frost ]
   * Non-maintainer upload.
   * Cherry-pick patch from salsa repo to fix below mentioned
     WSTG-INPV-02 issue. (The patch was present in the git repo,
     but the never released as part of a package)
   * CVE-2024-48104 - HTML Injection (Closes: #1060925)
   * CVE-2024-24510 - CSS Injection
   * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163)
   * CVE-2025-63498 - Cross Site Scripting (XSS)
   * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)
 .
   [ Jordi Mallach ]
   * Add upstream fix for a WSTG-INPV-02 security issue, crash on
     invalid mailIdentities.
Checksums-Sha1:
 67a039d819100867e17fb9b685d19d0735b7398f 17725124 sogo-common_5.8.0-2+deb12u1_all.deb
 d144d3ad552d3a6e39072a99347a1eb4d8223106 10263 sogo_5.8.0-2+deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 cf8e40069828780262aa113e08db3f4808bc30b63b53de9f0062f4b1c58f371a 17725124 sogo-common_5.8.0-2+deb12u1_all.deb
 2b9825e4454220f9277dbee8490edff2566bac8af070ef7035193e68c9f131bd 10263 sogo_5.8.0-2+deb12u1_all-buildd.buildinfo
Files:
 a2c9f619ad40b0eb2888a163cb518aa7 17725124 mail optional sogo-common_5.8.0-2+deb12u1_all.deb
 453b2c665d8a7e4ce4ff4d4630b0f303 10263 mail optional sogo_5.8.0-2+deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmlav9cACgkQfUw6/tXb
AmM1Jw/+Ku4KyWzQXDgKGG+jXaBGl7yQc4hYaBb9HIimn1nKukt21CXJyFGia21/
4F+Yi7KkKN3qflsLtdUugLv5wqQJC8cbJrQvxfGLBuKRCf148pNiay+3i8ioi+St
7tURkgCz4WzdPedwAdvB3eQFLCK0OYiQKYJjyzkjJjrigCp4yFS5hmiVlbcRW+4r
2o66K20up9TdRnzUsSCMCA5Vyfq0+nDZgWwsm/uTe7WRelaFB5jnPOU7GqDWNbbv
gSoDdauXcvC4qqachvAg4fkoli2i79y1Kmd038gbv76C7rcQY4y+ox+LxMhVEQQZ
ztkO8kc0TimAnshI1MWXwwMtfhnOPVqxTYfeWOKWfik+4V+E+yhSPybJ3H+hX+cJ
/FfDXAV9aVTFIdvHPXlgx7jXYLkaFyJ7k7U8idAYufIUvqao/dn9R6t2dQ/gdNsz
G63/9pB+0L0CPruJwdKjZfwsB3x3kcdKVznzivMv6upICiCjurZKbD2OHIAMIFI4
h4zdj1KM4oKxak4a6pv3mt/3bbAMnZRZTgeIHJYycE/SJuWpqxjlW4cWimpvPTU8
YXJQGHr7LCxtoMGxnwQAvtsT9cqGOHeYodwVd77F0YDUlLIBJCfQQe8dKrCWK3S9
Nr6OFJlMT0AjSl7eGsfABHz4sgBmSMtknV48eRHAOCdzR62TBLg=
=Er8t
-----END PGP SIGNATURE-----