-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 04 Jan 2026 17:27:30 +0100 Source: sogo Binary: sogo sogo-activesync sogo-activesync-dbgsym sogo-dbgsym Architecture: i386 Version: 5.8.0-2+deb12u1 Distribution: bookworm Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Tobias Frost Description: sogo - Scalable groupware server sogo-activesync - Scalable groupware server - ActiveSync module Closes: 1060925 1071163 1121952 Changes: sogo (5.8.0-2+deb12u1) bookworm; urgency=high . [ Tobias Frost ] * Non-maintainer upload. * Cherry-pick patch from salsa repo to fix below mentioned WSTG-INPV-02 issue. (The patch was present in the git repo, but the never released as part of a package) * CVE-2024-48104 - HTML Injection (Closes: #1060925) * CVE-2024-24510 - CSS Injection * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163) * CVE-2025-63498 - Cross Site Scripting (XSS) * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) . [ Jordi Mallach ] * Add upstream fix for a WSTG-INPV-02 security issue, crash on invalid mailIdentities. Checksums-Sha1: a37ac4895423e51c5a5364867df08a71457b5d52 94212 sogo-activesync-dbgsym_5.8.0-2+deb12u1_i386.deb 52c68165a0017dea317924807d052057224f2163 183596 sogo-activesync_5.8.0-2+deb12u1_i386.deb 2f55ee7f6abf1626af9a35313bf5dc6e7131b94b 1088852 sogo-dbgsym_5.8.0-2+deb12u1_i386.deb a392c60675d0b6777d0d9f5d983cbb88aeaab4de 11085 sogo_5.8.0-2+deb12u1_i386-buildd.buildinfo 47cf9dd1a17fb906b636bf4b519723fb28f30876 1058560 sogo_5.8.0-2+deb12u1_i386.deb Checksums-Sha256: 3f8e26c8f421d2f24cada8d4c48d5d52ab5cfea61078fbf486fd3cf874ea4ef2 94212 sogo-activesync-dbgsym_5.8.0-2+deb12u1_i386.deb 40510d328442fa873b2be2cf35d8b2a925058ae2f9d116c194f000f5d99cd093 183596 sogo-activesync_5.8.0-2+deb12u1_i386.deb 635ff8cf558a75186a690e0533fedbc30e3d901bc89b51a33bdba8bfad1e6d18 1088852 sogo-dbgsym_5.8.0-2+deb12u1_i386.deb f28083d97fb633438f25584e448e017f6d430d0eab1f48b0c7a7b9de2fa08d8f 11085 sogo_5.8.0-2+deb12u1_i386-buildd.buildinfo 7948acfa05388a7a7ce3e17b51605af69cc6e7da4f9fbf7ffc8356141a4185b3 1058560 sogo_5.8.0-2+deb12u1_i386.deb Files: 439b7e0c7db41e86e53f164553b8fd54 94212 debug optional sogo-activesync-dbgsym_5.8.0-2+deb12u1_i386.deb 187123e54f315081e126a13a586092b6 183596 mail optional sogo-activesync_5.8.0-2+deb12u1_i386.deb f2425ce84030ec487ea4e68408c6ab87 1088852 debug optional sogo-dbgsym_5.8.0-2+deb12u1_i386.deb b4bc75878784d2d9ca67caca66733569 11085 mail optional sogo_5.8.0-2+deb12u1_i386-buildd.buildinfo 801d9b79a78d29185d85d75ba21e1e4a 1058560 mail optional sogo_5.8.0-2+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmlav6gACgkQ8IREj/cR iTNaoQ/9HZsTNe1pQmCMIMPjQ5CypgV5bCA1NHrS582oez/Ui0gB27/VloTfUHC5 e73I0URpKoo9DuYq9pjYuCDVUgqgco2dBxTNqFw1BDhe9x0YyNCDdo3keRgQ0EI/ LwT5vZyXzYsMKipdkTRmanSB3uEzlhyV4O5tGuoosKugrhY9Qygj3GaQfYA+nl26 EhRwKxHFA+TKSpeLYiHvZwgrrRRDQh6e9JEVlzawBylqLdMIPkzhNS1AxU9UT1lg U8o6HduComB+hpxZwBe57L1iHtIfN7oU+ArV6tWREP8iBXCs3Ytk/jgrqX8BqTPd 76x0b46l7qimw03XuDKCY+uiSeTl8pOrOrvfX1Nw7pn6EM60iGWI97rPXdkvrOWu sDauHSs3dPGuVMolg3hQwHo7LSzOre/0bYL4Q0y2OL+DGC10ScOsjJQEIqWk1E12 LQVdVbGPZCboOKdvBotJrR8c6Td1iGOcgxe1fzlY5hngSedJSxy+hvWPlcDuU3MA cgTeUatp5Q5hwad1BG5bcznJ4hiIm8bHkVKIPQLtZQ1qNZDMGrQRBTBzz9SPNMwl ps4SMIWQC6OvosNzOMlzL6uxDnskzn7Jc9qFHXOnMJsM7Bq/CmjsVdJcqiuWcWOf hdpd6YCSBPWiwqvesrXW2ql6Et0uZV7tSmDDPzpkJeWHu7pP4pk= =DgaW -----END PGP SIGNATURE-----