Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, Tobias Frost <tobi@debian.org>, 1124367@bugs.debian.org
Subject: Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
From: Tobias Frost <tobi@frost.de>
Date: Wed, 31 Dec 2025 16:54:28 +0000
Message-id: <[🔎] 62D18C8B-A312-482C-8EA2-E693C57F0C57@frost.de>
Reply-to: Tobias Frost <tobi@frost.de>, 1124367@bugs.debian.org
In-reply-to: <[🔎] 28d9be5cf14bdeafd251a0854412edb506f0177d.camel@adam-barratt.org.uk>
References: <[🔎] aVT-b5_pd8VaFWZt@frost.de> <[🔎] 28d9be5cf14bdeafd251a0854412edb506f0177d.camel@adam-barratt.org.uk> <[🔎] aVT-b5_pd8VaFWZt@frost.de>

Am 31. Dezember 2025 16:19:19 UTC schrieb "Adam D. Barratt" <adam@adam-barratt.org.uk>:
>On Wed, 2025-12-31 at 11:43 +0100, Tobias Frost wrote:
>> This s-p-u fixes CVE-2025-63498 and CVE-2025-63499, two XSS
>> vulnerabilities.
>> The plan is to fix sogos vulnerabilities in all the releases, also
>> LTS, being stable the first step.
>> Fixing
>>   * CVE-2025-63498 - Cross Site Scripting (XSS)
>>   * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)
>
>Unless I missed something, this:
>
>+sogo (5.12.1-3+deb13u1) trixie; urgency=high
>+
>+  * Non-maintainer upload by the Security Team.
>
>is inaccurate.
>
>Regards,
>
>Adam

right, that slipped through... i can fix this and re-upload, of course.

Reply to:

References:
- Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
  - From: Tobias Frost <tobi@debian.org>
- Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: fix messed up title
Next by Date: NEW changes in stable-new
Previous by thread: Bug#1124367: trixie-pu: package sogo/5.12.1-3+deb13u1
Next by thread: Bug#1124388: release.debian.org: package libguestfs/1:1.54.1-2+deb13u1
Index(es):
- Date
- Thread