Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1

To: Tobias Frost <tobi@debian.org>, 1124367@bugs.debian.org
Subject: Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 31 Dec 2025 16:19:19 +0000
Message-id: <[🔎] 28d9be5cf14bdeafd251a0854412edb506f0177d.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1124367@bugs.debian.org
In-reply-to: <[🔎] aVT-b5_pd8VaFWZt@frost.de>
References: <[🔎] aVT-b5_pd8VaFWZt@frost.de> <[🔎] aVT-b5_pd8VaFWZt@frost.de>

On Wed, 2025-12-31 at 11:43 +0100, Tobias Frost wrote:
> This s-p-u fixes CVE-2025-63498 and CVE-2025-63499, two XSS
> vulnerabilities.
> The plan is to fix sogos vulnerabilities in all the releases, also
> LTS, being stable the first step.
> Fixing
>   * CVE-2025-63498 - Cross Site Scripting (XSS)
>   * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)

Unless I missed something, this:

+sogo (5.12.1-3+deb13u1) trixie; urgency=high
+
+  * Non-maintainer upload by the Security Team.

is inaccurate.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
  - From: Tobias Frost <tobi@frost.de>

References:
- Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
  - From: Tobias Frost <tobi@debian.org>

Prev by Date: Bug#1124388: release.debian.org: package libguestfs/1:1.54.1-2+deb13u1
Next by Date: Processed: fix messed up title
Previous by thread: Processed: trixie-pu: package sogo/5.12.1-3+deb13u1
Next by thread: Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
Index(es):
- Date
- Thread