Format: 1.8
Date: Sun, 04 Jan 2026 17:27:30 +0100
Source: sogo
Architecture: source
Version: 5.8.0-2+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian SOGo Maintainers
Changed-By: Tobias Frost
Closes: 1060925 1071163 1121952
Changes:
 sogo (5.8.0-2+deb12u1) bookworm; urgency=high
 .
   [ Tobias Frost ]
   * Non-maintainer upload.
   * Cherry-pick patch from salsa repo to fix below mentioned WSTG-INPV-02
     issue. (The patch was present in the git repo, but was never released
     as part of a package)
   * CVE-2024-48104 - HTML Injection (Closes: #1060925)
   * CVE-2024-24510 - CSS Injection
   * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163)
   * CVE-2025-63498 - Cross Site Scripting (XSS)
   * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)
 .
   [ Jordi Mallach ]
   * Add upstream fix for a WSTG-INPV-02 security issue, crash on invalid
     mailIdentities.