Your message dated Mon, 12 Aug 2024 17:07:54 +0200
with message-id <zrolsgtd38zv5...@eldamar.lan>
and subject line Re: Accepted sogo 5.11.0-1 (source) into unstable
has caused the Debian Bug report #1071163,
regarding sogo: CVE-2024-34462
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1071163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sogo
Version: 5.10.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for sogo.
CVE-2024-34462[0]:
| Alinto SOGo through 5.10.0 allows XSS during attachment preview.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-34462
https://www.cve.org/CVERecord?id=CVE-2024-34462
[1]
https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: sogo
Source-Version: 5.11.0-1
On Mon, Aug 12, 2024 at 02:52:38PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Mon, 12 Aug 2024 14:15:07 +0200
> Source: sogo
> Architecture: source
> Version: 5.11.0-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian SOGo Maintainers
> <pkg-sogo-maintain...@lists.alioth.debian.org>
> Changed-By: Jordi Mallach <jo...@debian.org>
> Changes:
> sogo (5.11.0-1) unstable; urgency=medium
> .
> * New upstream release.
> * Switch Build-Depend on pkg-config to pkgconf.
> Checksums-Sha1:
> d3683151522230f78b19604239fb3627f6c7f338 2268 sogo_5.11.0-1.dsc
> 2389979febf8b37f321b899b167a83c13af9e4b2 35368110 sogo_5.11.0.orig.tar.gz
> b5ca322fd6dcd87e8d62941fdbb59a32a84606e4 19008 sogo_5.11.0-1.debian.tar.xz
> 33992c6e151d760590435e8191c9a148f1079fd7 11483 sogo_5.11.0-1_amd64.buildinfo
> Checksums-Sha256:
> 1598e0aace6f65490061f45bd4b26a1f57d08e0929d2c3fecbe1b61b31575b7f 2268
> sogo_5.11.0-1.dsc
> 02fa4b7342a26af0ed12416e22a6dc74fde8c97ee8fb81e8a004fc7dccc9b858 35368110
> sogo_5.11.0.orig.tar.gz
> 1745ff2c26f9426843cba4f1424ecca52ab417553c732ff9e2b4323d83ceade1 19008
> sogo_5.11.0-1.debian.tar.xz
> 1767a2073d08e2224190d4d5c6a2c913e9aa218a13feb9b24bfda7e3731b787f 11483
> sogo_5.11.0-1_amd64.buildinfo
> Files:
> 3b123746fd89b80f8a3843400670be41 2268 mail optional sogo_5.11.0-1.dsc
> e01d75eef3e62f5ebf6884da9756c393 35368110 mail optional
> sogo_5.11.0.orig.tar.gz
> cbdc9e2575c093b16e8c7465fa91ea76 19008 mail optional
> sogo_5.11.0-1.debian.tar.xz
> b6df40f267975fa1e4822fa6cdf8af41 11483 mail optional
> sogo_5.11.0-1_amd64.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEE6BdUhsApKYN8KGoWJVAvb8vjywQFAma6ExoACgkQJVAvb8vj
> ywQZvhAAgJHYOzMWHYI5My4C22xumsUxxC5d31c3tgwvuik/RNE/WTyBMLO09o5R
> 6Vp7qp/8kBosQgdMvSWNyO4Z0SjdqOS303JGzdsXNykbKZeeuRaW2QOEsb9CxjaN
> vnyPs8T2KlIrLWWv2JzVwnnOKL2eJUvhZlHkxQWiCWbqVG9kw+4mw61ItSfzCLLA
> ToLbpEQ/1eE2E+sBBWdVuzzeHBozzU45KQw11jNTZgRChMrhXdIxRYZ7MAxZHnjj
> g2fMClZPe0DLlqVXQdSc5Gy6DqQD4H6s0bXKB4hjTHQB9GAfvu2ZdQ88q5oYHEjY
> DHsnY0ZyfqVIWIY8HCnB22QsS1q1WI5yKnLeh0QwzRliSvG6o0xRA1eNSG8Vn7Dc
> pcBcv+mMCfPrk658xTBKPmQe0TTxDBR80446s33bWRTNdWVkLyw+xp0GLKoe1Nv1
> 7R+m9skrIDpcE6Vsb8z7mLAA0ROETUfTUjZXGLBnx3jGb7txTmZruzR8EQrE7bDM
> RC9M38JPSoHkTII6Xc6JoHfrIqUk0FnsypIv3bnlq1jnuMIA86EDUw6VNQmUokrC
> rlVCsL5adJMys65zedidVCIK73sRExSq1nRfFhZtE8LTrJAV+jLp//8nsT+d1cZl
> oc+9Ex2ozPNa1D8/Bzqe23ALBfzVDhaECGrX7jYFkwP/YkwcrEY=
> =8cdi
> -----END PGP SIGNATURE-----
--- End Message ---
