-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 04 Jan 2026 17:27:30 +0100 Source: sogo Binary: sogo sogo-activesync sogo-activesync-dbgsym sogo-dbgsym Architecture: arm64 Version: 5.8.0-2+deb12u1 Distribution: bookworm Urgency: high Maintainer: arm Build Daemon (arm-ubc-05) Changed-By: Tobias Frost Description: sogo - Scalable groupware server sogo-activesync - Scalable groupware server - ActiveSync module Closes: 1060925 1071163 1121952 Changes: sogo (5.8.0-2+deb12u1) bookworm; urgency=high . [ Tobias Frost ] * Non-maintainer upload. * Cherry-pick patch from salsa repo to fix below mentioned WSTG-INPV-02 issue. (The patch was present in the git repo, but the never released as part of a package) * CVE-2024-48104 - HTML Injection (Closes: #1060925) * CVE-2024-24510 - CSS Injection * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163) * CVE-2025-63498 - Cross Site Scripting (XSS) * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) . [ Jordi Mallach ] * Add upstream fix for a WSTG-INPV-02 security issue, crash on invalid mailIdentities. Checksums-Sha1: 130b97ff4ac3893614474529fbe75bc73429ac58 93196 sogo-activesync-dbgsym_5.8.0-2+deb12u1_arm64.deb b5ec2635ad96f8b9d26a88c3bc92b3fa4e888c18 187580 sogo-activesync_5.8.0-2+deb12u1_arm64.deb 98e0bf75051a4d1956992dcba0bf00dd38a023e4 1086516 sogo-dbgsym_5.8.0-2+deb12u1_arm64.deb 4826411b230370f634925ad9d23912b6971253e7 11166 sogo_5.8.0-2+deb12u1_arm64-buildd.buildinfo eebc1ba9cf13d6dd3eb5c77918a3fb123d55b6a4 1120536 sogo_5.8.0-2+deb12u1_arm64.deb Checksums-Sha256: 6cc0c0cfc895d0b3379f463098715cba3fe4f3315fedb4d051a04d9b1a1b30e4 93196 sogo-activesync-dbgsym_5.8.0-2+deb12u1_arm64.deb f7b02425fb851a117efb37d971faeda5f6d4f1a95e82345cbb23b1217c27f1dc 187580 sogo-activesync_5.8.0-2+deb12u1_arm64.deb 3fcf41b21bca372f8c756da373e0e6ff3397fe5da21c84f8eaaab29b9af15e46 1086516 sogo-dbgsym_5.8.0-2+deb12u1_arm64.deb b5f8012517a310bed204113530607e83ed915e3bf1438f9315ae243528394752 11166 sogo_5.8.0-2+deb12u1_arm64-buildd.buildinfo 5e94583ac7a3c0b858e3556f0126c179b954685582519cc759969256895c26a3 1120536 sogo_5.8.0-2+deb12u1_arm64.deb Files: e41f0a896102131f46a4a96e40f6bf8f 93196 debug optional sogo-activesync-dbgsym_5.8.0-2+deb12u1_arm64.deb c13496860c27b1ec7ea509ca1818cc86 187580 mail optional sogo-activesync_5.8.0-2+deb12u1_arm64.deb 063493342af5c3fa394975a466713b7f 1086516 debug optional sogo-dbgsym_5.8.0-2+deb12u1_arm64.deb 90ee927f725f6ebf312d7d2ff3fd1e58 11166 mail optional sogo_5.8.0-2+deb12u1_arm64-buildd.buildinfo 48e6d28ca00b7828bfb5105c3a0dd19b 1120536 mail optional sogo_5.8.0-2+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEiIG3Q3DxwDgRKKeyLRECdjCZQkcFAmlav8YACgkQLRECdjCZ QkePbA//dJIlYw8uC9n/VCcIMauFu7o7OpbkhjleL041/1hJzsy6jd+4YNCkP4EI JP5pVHKuzzn7KWaiUt7x3Tsz/SHUqGFerItvqV+N2m7v6egR1HFJ9C7OkfqNJJ45 NPGE9izX95IH1ZsccIPBDUfI0lrjHtUi6P6Mg4eXRrvOGhBCL5f43PyUaLJxh/lN TgH90mUT3tmNq6wl8ZVSz4LVuU/vjV6o3UcZJUtrBL0HOkRUtx9fjhlRNMkjiHjY XNh1S0F7qf+3giQK+lCkQMA0msgJs2uOeWbzfd4Mb3ImYwl4O+s7nbbz3Co/SA1+ 7/c5GDYkvkCZu5RVk7OBpxV5QVAqgyoziRhk4wwSS2QnYqitwfBNJVdczJj7gJVj AcVHmf680R+8ahJzmzXGNGOkTgNxm7j1sC/5/OC4jnYHCcCw0yzu+Hp836z8GVvh /NF2WnbmcxlNgha81v+7pQHgioITG8YkLjVtaNa094wLBzOIpHRhRG1xaVCOmeIq Sg6gHSoYLpuIdUiDoELTCHtKG0Ik0FFDDFScCUd5ntuvJhxkgY+DXd1zRUIbElvL 8pw/x9uaRpLxh1r/koiCqOqpA9qbrgbnPcYmv71fP2Udvv/kfwQEnynIHHGmuwDS oQ9OdIIVeB+UDuTMfg8lOpx17SfioXSC+aAToJC8dmgVyP4VEfg= =Z4MA -----END PGP SIGNATURE-----