Re: Sogo for Trixie

To: Tobias Frost <tobi@debian.org>
Cc: team@security.debian.org, Debian LTS <debian-lts@lists.debian.org>, sogo@packages.debian.org
Subject: Re: Sogo for Trixie
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 31 Dec 2025 09:47:30 +0100
Message-id: <[🔎] aVTjIosx0vGhW68x@eldamar.lan>
Mail-followup-to: Tobias Frost <tobi@debian.org>, team@security.debian.org, Debian LTS <debian-lts@lists.debian.org>, sogo@packages.debian.org
In-reply-to: <[🔎] aUvfJuY5qQjgHQFa@isildor2.loewenhoehle.ip>
References: <[🔎] aUvfJuY5qQjgHQFa@isildor2.loewenhoehle.ip>

Hi Tobias,

On Wed, Dec 24, 2025 at 01:40:06PM +0100, Tobias Frost wrote:
> Hi,
> 
> I'm currently working (for LTS) on sogo, and for that I've just uploaded
> an fix for CVE-2025-63499 to DELAYED-2 for unstable.
> 
> After that I'd go for trixie, with additionally fixing CVE-2025-63498.
> 
> (As the final target is providing fixes for LTS, I'll also tackle the
> open vulnerabilities for bookworm.)
> 
> sogo is in dsa-needed.txt, trixies CVEs are all triaged "vulnerable",
> boowkorm's are mixed "no-dsa" and "vulnerable."
> 
> As the next point release are near too, I can also do a s-p-u, or
> prepare a security upload and then hand over to you (like we did for
> libpng)
> 
> Please let me know how I should proceed..

Given the point releases are 1.5 weeks ahead it looks sensible to me
to just batch the updates with other updates together in the upcoming
point releases.

Regards,
Salvatore

Reply to:

References:
- Sogo for Trixie
  - From: Tobias Frost <tobi@debian.org>

Prev by Date: Debian (E)LTS report for December 2025
Previous by thread: Re: Sogo for Trixie
Next by thread: Debian (E)LTS report for December 2025
Index(es):
- Date
- Thread