[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4386-1] sogo security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4386-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Paride Legovini
November 28, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sogo
Version        : 5.0.1-4+deb11u2
CVE ID         : CVE-2025-63498
Debian Bug     :

The SOGo groupware server is vulnerable to Cross Site Scripting (XSS) via the
"userName" parameter, allowing arbitrary JavaScript to be executed when a user
visits the authentication page.

For Debian 11 bullseye, this problem has been fixed in version
5.0.1-4+deb11u2.

We recommend that you upgrade your sogo packages.

For the detailed security status of sogo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sogo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

wsC7BAEBCgBvBYJpKcFTCRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdlJKVs2b0PdpjsBXuyu9Mo6Ddl4xhKsyR4iOGepU4o
sxYhBFYa1YXu12aSG6jdltZYYYg+AU25AAC8zwf/aPBc5XYTaWhssRFcdnndRdDh
dm+DcgEtTkS4G8BqnjpRLGPQz/a8Bl2Nvtr+/DZ4J0JTNu4zXnyN+nXncKiIqIhC
5Ru+/WeO/dUggiSr3gBGkxZhx7bkuKD9VuQJ/230K7X3Cs+5R+nFn/g5yA7KfMdu
UdDBKm4QhWirIQeQzq8wB1zt/wOLCmQpXoD18x2W/KpazmfGkp/WZTrJt3HxST1M
zNg0je7u/zNKfpmavWlfYqioFUsx/THTnSAe3qVah65dod7J6VoRCl2H45NIKwdz
SzvaBHl4MtQzvEsoBmBZ5S+VbZxJl7zkQQsecOs0EAFMRgq1sxNOv0d9/Stm8A==
=MucK
-----END PGP SIGNATURE-----
Reply to: