Your message dated Thu, 01 Jan 2026 10:17:09 +0000
with message-id <[email protected]>
and subject line Bug#1121952: fixed in sogo 5.12.1-3+deb13u1
has caused the Debian Bug report #1121952,
regarding sogo: CVE-2025-63499
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121952
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sogo
Version: 5.12.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for sogo.
CVE-2025-63499[0]:
| Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via
| the theme parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-63499
https://www.cve.org/CVERecord?id=CVE-2025-63499
[1] https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sogo
Source-Version: 5.12.1-3+deb13u1
Done: Tobias Frost <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sogo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated sogo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 31 Dec 2025 11:33:39 +0100
Source: sogo
Architecture: source
Version: 5.12.1-3+deb13u1
Distribution: trixie
Urgency: high
Maintainer: Debian SOGo Maintainers <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1121952
Changes:
sogo (5.12.1-3+deb13u1) trixie; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2025-63498 - Cross Site Scripting (XSS)
* CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---