Source: sogo
Version: 5.12.4-1.2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for sogo.

CVE-2026-3054[0]:
| A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This
| impacts an unknown function. The manipulation of the argument hint
| leads to cross site scripting. The attack can be initiated remotely.
| The exploit is publicly available and might be used. The vendor was
| contacted early about this disclosure but did not respond in any
| way.

The current information looks like sogo upstream was contacted but did
not react or comment on the issue? Can you try to check what their
take on that report is?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3054
    https://www.cve.org/CVERecord?id=CVE-2026-3054

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

