Your message dated Fri, 26 Dec 2025 13:06:54 +0000
with message-id <[email protected]>
and subject line Bug#1121952: fixed in sogo 5.12.4-1.2
has caused the Debian Bug report #1121952,
regarding sogo: CVE-2025-63499
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121952
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sogo
Version: 5.12.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for sogo.
CVE-2025-63499[0]:
| Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via
| the theme parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-63499
https://www.cve.org/CVERecord?id=CVE-2025-63499
[1]
https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sogo
Source-Version: 5.12.4-1.2
Done: Tobias Frost <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sogo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated sogo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 24 Dec 2025 13:18:47 +0100
Source: sogo
Architecture: source
Version: 5.12.4-1.2
Distribution: unstable
Urgency: high
Maintainer: Debian SOGo Maintainers
<[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1121952
Changes:
sogo (5.12.4-1.2) unstable; urgency=high
.
* Non-maintainer upload.
* CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)
Checksums-Sha1:
6c6d1ed907a1d9c218ce0caec725d260cb6e2e23 2299 sogo_5.12.4-1.2.dsc
c90eeb1dd643d60e944721911115fdecd5b696d7 37846900 sogo_5.12.4.orig.tar.gz
fd0ffec901fdd715dbe9f2e978bf8327d5ba783b 21672 sogo_5.12.4-1.2.debian.tar.xz
ce901d57aaaebbd0859f23f984e8f56109a67c62 13390 sogo_5.12.4-1.2_source.buildinfo
Checksums-Sha256:
d76ff3fa06644abe2eb1a44b101ac39830d77054239edd09fe4a6535e99a227c 2299
sogo_5.12.4-1.2.dsc
d02d99d7f26967baf81b66516e7249658ef69836b1da03a28c5390ff3b6da31b 37846900
sogo_5.12.4.orig.tar.gz
6d6fc25a8ea9bfbef3f7f56063828805c63c1a900abb4f8898065f77b1b6ecdd 21672
sogo_5.12.4-1.2.debian.tar.xz
27bcf4997ad2b1337e1614fc2efe040b082c1283fd967a8ebddf141deb051209 13390
sogo_5.12.4-1.2_source.buildinfo
Files:
74ccf314962cdb79814cb6fc38036652 2299 mail optional sogo_5.12.4-1.2.dsc
dfbc209c3a98e7d9b4e27cd758cc7208 37846900 mail optional sogo_5.12.4.orig.tar.gz
ea478454599c6a02ac43c8048be11d04 21672 mail optional
sogo_5.12.4-1.2.debian.tar.xz
0b9b76d147b6ec0d0374e51ae89954ea 13390 mail optional
sogo_5.12.4-1.2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmlL3QkACgkQkWT6HRe9
XTajHxAAnPm6E5n372PjK03qEzALyhhb7LmA1jKUiQffCc8dOBF8wt9u4MoQdwBY
BISjYvSVJEKLB9/ALilQvS6gqqbZBCmIXVCcQyIN2jmjTgrjw8sxklGdLUdTVg/t
Oao79dbMN2Dx5JJeyRnLy8Z/ZzuGL4/e43wdUUvmlpIkJ3e6j+hXAZ2Bgy8qklh2
8MQKeMpznxkgBLGUpC8qe6k3hpii+iMaNDZRb6mhtJ1vz7LxTbHFI7VEif+kL3Lh
y5EB8VZn29DTpO4cr3zgkoaWG4TC6KcyIvD/LkPxQvnReeze1EpFfovnrMdFe9Ri
hEZ89cAm7fb3lye/OTaLFvxic9BOhUpCaYqN5ueFmlrflJs+i63wN/zV7tFF/pwn
8niem2wOWn+RlvSZh/rUBv5cgRvT1AWv0VFzdiNmflzM6MCjBLfDqwn8SdWOL8QO
Pkvcy7AbWu2NQaqGw55E80ADpa4bwx7J546cQ1enZkLSQsgezBn8emVRdjhWa1+c
kllDtiXxUSIeakPF/g2+O4xbt3xpS/TkOhqmYyWI3AzffjBq5jiEX4uRrZN3tT6/
ESRrMj14NKYY8He0dlfZhqvNEVx6CwXXXKDD7iIU83ryFAskW/9FmdgGLNpnsB5e
tA6tAAsnw+bAgYnyP93n8riP3x2y6yd0MO+YVq74X5kcLcSeC2E=
=vvzW
-----END PGP SIGNATURE-----
pgp9wDRCgo47o.pgp
Description: PGP signature
--- End Message ---
