
Debian alert DLA-4434-1 (sogo)

From:  Tobias Frost <tobi@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4434-1] sogo security update
Date:  Sat, 10 Jan 2026 13:46:54 +0100
Message-ID:  <aWJKPhiOyCi5bMrg@isildor2.loewenhoehle.ip>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4434-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
January 06, 2026                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : sogo
Version        : 5.0.1-4+deb11u3
CVE ID         : CVE-2024-34462 CVE-2025-63499
Debian Bug     : 1071163 1121952

Several XSS vulnerabilities have been found in SOGo, a groupware server.

CVE-2024-34462

    XSS during attachment preview.

CVE-2025-63499

    Cross Site Scripting (XSS) via the theme parameter.

For Debian 11 bullseye, these problems have been fixed in version
5.0.1-4+deb11u3.

We recommend that you upgrade your sogo packages.

For the detailed security status of sogo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sogo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Attachment: signature.asc (type=application/pgp-signature)





Copyright © 2026, Eklektix, Inc.