-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 04 Jan 2026 17:27:30 +0100 Source: sogo Binary: sogo sogo-activesync sogo-activesync-dbgsym sogo-dbgsym Architecture: amd64 Version: 5.8.0-2+deb12u1 Distribution: bookworm Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Tobias Frost Description: sogo - Scalable groupware server sogo-activesync - Scalable groupware server - ActiveSync module Closes: 1060925 1071163 1121952 Changes: sogo (5.8.0-2+deb12u1) bookworm; urgency=high . [ Tobias Frost ] * Non-maintainer upload. * Cherry-pick patch from salsa repo to fix below mentioned WSTG-INPV-02 issue. (The patch was present in the git repo, but the never released as part of a package) * CVE-2024-48104 - HTML Injection (Closes: #1060925) * CVE-2024-24510 - CSS Injection * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163) * CVE-2025-63498 - Cross Site Scripting (XSS) * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) . [ Jordi Mallach ] * Add upstream fix for a WSTG-INPV-02 security issue, crash on invalid mailIdentities. Checksums-Sha1: 23948f2d48d04d1856e652f9b481b7fc8ba4a4cc 95928 sogo-activesync-dbgsym_5.8.0-2+deb12u1_amd64.deb c72ea30b763a4c9d16647e918c16f918d8d1f1ae 217116 sogo-activesync_5.8.0-2+deb12u1_amd64.deb 67f61841380616a53263c76758362ea519da38de 1108500 sogo-dbgsym_5.8.0-2+deb12u1_amd64.deb c3ccf74533f800036baaca4abfb501d0e603572e 11167 sogo_5.8.0-2+deb12u1_amd64-buildd.buildinfo 56aad2e1a18af16a746a92e25dd49495772485bf 1312352 sogo_5.8.0-2+deb12u1_amd64.deb Checksums-Sha256: e9dfa832a2295679bd12189034af7671d61de26090aeb3d370416c841e03bcf3 95928 sogo-activesync-dbgsym_5.8.0-2+deb12u1_amd64.deb 2340a525b31a7aa05d6217f0d6414a91629d0adfaa4108841ec609311648ee4b 217116 sogo-activesync_5.8.0-2+deb12u1_amd64.deb 7b57a55698516da41bf3d5cb8299c5d32409b1d890069fc9b90bc4b8d3aa6416 1108500 sogo-dbgsym_5.8.0-2+deb12u1_amd64.deb 50adef3531b51b64d6d67b6d5767f6c137c25c0a5921e2cba6b85f1d49e38ca1 11167 sogo_5.8.0-2+deb12u1_amd64-buildd.buildinfo b86d587fd1ef9a3b570b34da5c153411bbb82dd4b10536fd48eba76364ff0cff 1312352 sogo_5.8.0-2+deb12u1_amd64.deb Files: 58156ce27bebf00513b07e7d66e987db 95928 debug optional sogo-activesync-dbgsym_5.8.0-2+deb12u1_amd64.deb 86002a9909c8aee4ec9ac1ec33c8d962 217116 mail optional sogo-activesync_5.8.0-2+deb12u1_amd64.deb 267eb96059147b35550d30f6ff921a0a 1108500 debug optional sogo-dbgsym_5.8.0-2+deb12u1_amd64.deb 129403cfbee98fd84457f47f8d34e09b 11167 mail optional sogo_5.8.0-2+deb12u1_amd64-buildd.buildinfo 49a47b589004f565e76f38e2115190ed 1312352 mail optional sogo_5.8.0-2+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmlav3wACgkQEbCLukZn 24rk0Q//X/dFJxmUaePKhWxlFp8R4NojcgRvO8l4VK2bf35BQQ40fMvyfI7ErOcQ O9+D2Q0ffn49sfermPH8VaxIzMntpXzNKsRKb5N0lHk7Ltmu2Sxg/knuhImvl/b1 uljo47N+8Md7nISI2IHSGf/a/jdHSfbcaOANtIOUtHSEujgRYbA9Td52rariykjn ivg0/xRYg6wIK3vjm5VPOHDTDugpJLAApo3VkZy48VV5MSk+lKfVWuRa2tPv6Pa2 prbdKjhDZXm+vKqmiS5JFkAH5NmnKE4a8Tn48Xe6IBR60Nxx+/iK83tv7mECDqa4 wUSxFsk6+oZ5ZoYhZEkwLXLJUp+2uT7XJnPz2q3vXWOwH1re6MbjcU49qvwvLFwd GAah3wqAAq+WUUojVbihl012TBglE6IZoV04KJ0ZksRWCCMQEFSzB6AHwLqQ+h6/ 7WslNu4JMbltrpEimxSYdWKFBM6zqQynkYRKy446/UT3TXxiXWUjVLVv/nskavJk LE5FuViP5OrDfWCwxw1B6n/Kc+lkxXGTgoqzhFgpzz29jcFfehl0HTv8dvMterkM 3TxKorZjXMIAteSqIZooYWbKMTFb9EyXI+3SYLca1ZmG+v2cVI+y1daKwdomIC47 cxmQlmEk2nAXbWHaC0K0TiaGnxGWcaZ31N10tAJDA+VLweTYKvQ= =l9sy -----END PGP SIGNATURE-----