Sogo for Trixie

To: team@security.debian.org
Cc: Debian LTS <debian-lts@lists.debian.org>, sogo@packages.debian.org
Subject: Sogo for Trixie
From: Tobias Frost <tobi@debian.org>
Date: Wed, 24 Dec 2025 13:40:06 +0100
Message-id: <[🔎] aUvfJuY5qQjgHQFa@isildor2.loewenhoehle.ip>

Hi,

I'm currently working (for LTS) on sogo, and for that I've just uploaded
an fix for CVE-2025-63499 to DELAYED-2 for unstable.

After that I'd go for trixie, with additionally fixing CVE-2025-63498.

(As the final target is providing fixes for LTS, I'll also tackle the
open vulnerabilities for bookworm.)

sogo is in dsa-needed.txt, trixies CVEs are all triaged "vulnerable",
boowkorm's are mixed "no-dsa" and "vulnerable."

As the next point release are near too, I can also do a s-p-u, or
prepare a security upload and then hand over to you (like we did for
libpng)

Please let me know how I should proceed..

--
happy holidays,
tobi

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Sogo for Trixie
  - From: Tobias Frost <tobi@debian.org>
- Re: Sogo for Trixie
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: [hmh@debian.org: Re: Bug#1109035: amd64-microcode: 2024-36350/TSA-SQ and CVE-2024-36357/TSA-L1]
Next by Date: Re: Sogo for Trixie
Previous by thread: [hmh@debian.org: Re: Bug#1109035: amd64-microcode: 2024-36350/TSA-SQ and CVE-2024-36357/TSA-L1]
Next by thread: Re: Sogo for Trixie
Index(es):
- Date
- Thread