Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: [email protected], [email protected], [email protected] Control: affects -1 + src:sogo User: [email protected] Usertags: pu
This o-s-p-u fixes the following CVEs: * CVE-2024-48104 - HTML Injection (Closes: #1060925) * CVE-2024-24510 - CSS Injection * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163) * CVE-2025-63498 - Cross Site Scripting (XSS) * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) It additionally fixes a crash (NSException) that could be triggered when mailIdentities was invalid. [ Tests ] I've verified in a Bookworm VM that the PoCs the tracker mentions stop working (they did trigger before), and additionally tested sogo manually. [ Risks ] The patches are cherry-picked from upstream, small and quite straightforward. See the dep3 headers for pointers to the upstream changes. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] see above I'll upload the changes after this mail has been sent. -- tobi
diff -Nru sogo-5.8.0/debian/changelog sogo-5.8.0/debian/changelog --- sogo-5.8.0/debian/changelog 2022-12-01 12:47:54.000000000 +0100 +++ sogo-5.8.0/debian/changelog 2026-01-04 17:27:30.000000000 +0100 @@ -1,3 +1,22 @@ +sogo (5.8.0-2+deb12u1) bookworm; urgency=high + + [ Tobias Frost ] + * Non-maintainer upload. + * Cherry-pick patch from salsa repo to fix below mentioned + WSTG-INPV-02 issue. (The patch was present in the git repo, + but the never released as part of a package) + * CVE-2024-48104 - HTML Injection (Closes: #1060925) + * CVE-2024-24510 - CSS Injection + * CVE-2024-34462 - Cross Site Scripting (XSS) (Closes: #1071163) + * CVE-2025-63498 - Cross Site Scripting (XSS) + * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) + + [ Jordi Mallach ] + * Add upstream fix for a WSTG-INPV-02 security issue, crash on + invalid mailIdentities. + + -- Tobias Frost <[email protected]> Sun, 04 Jan 2026 17:27:30 +0100 + sogo (5.8.0-1) unstable; urgency=medium * New upstream release. diff -Nru sogo-5.8.0/debian/patches/CVE-2024-24510.patch sogo-5.8.0/debian/patches/CVE-2024-24510.patch --- sogo-5.8.0/debian/patches/CVE-2024-24510.patch 1970-01-01 01:00:00.000000000 +0100 +++ sogo-5.8.0/debian/patches/CVE-2024-24510.patch 2026-01-04 17:27:30.000000000 +0100 @@ -0,0 +1,45 @@ +Description: CVE-2024-24510 - XSS via mail import component + Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote + attacker to execute arbitrary code via the import function to the mail + component. +Origin: https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 + + 
From 21468700718ed71774eaf2979ee59330fc569424 Mon Sep 17 00:00:00 +2001 +From: smizrahi <[email protected]> +Date: Tue, 23 Jan 2024 15:01:47 +0000 +Subject: [PATCH] fix(mail): Fix security @import css injection + +--- + SoObjects/SOGo/NSString+Utilities.m | 9 +++++++++ + Tests/Unit/TestNSString+Utilities.m | 1 + + 2 files changed, 10 insertions(+) + +--- a/SoObjects/SOGo/NSString+Utilities.m ++++ b/SoObjects/SOGo/NSString+Utilities.m +@@ -990,6 +990,15 @@ + options: NSRegularExpressionCaseInsensitive error:&error]; + newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"onmouseo***="]; + result = [NSString stringWithString: newResult]; ++ ++ // Remove @import css (in style tags) ++ regex = [NSRegularExpression regularExpressionWithPattern:@"(<[\\s\\u200B	

\\\\0]*s[\\s\\u200B	

\\\\0]*t[\\s\\u200B	

\\\\0]*y[\\s\\u200B	

\\\\0]*l[\\s\\u200B	

\\\\0]*e.*)([\\s\\u200B	

\\\\0]*@[\\s\\u200B	

\\\\0]*i[\\s\\u200B	

\\\\0]*m[\\s\\u200B	

\\\\0]*p[\\s\\u200B	

\\\\0]*o[\\s\\u200B	

\\\\0]*r[\\s\\u200B	

\\\\0]*t)(.*<[\\s\\u200B	

\\\\0]*\\/[\\s\\u200B	

\\\\0]*s[\\s\\u200B	

\\\\0]*t[\\s\\u200B	

\\\\0]*y[\\s\\u200B	

\\\\0]*l[\\s\\u200B	

\\\\0]*e[\\s\\u200B	

\\\\0]*>)" ++ options: NSRegularExpressionCaseInsensitive error:&error]; ++ newResult = result; ++ while([regex numberOfMatchesInString:newResult options:0 range:NSMakeRange(0, [newResult length])] > 0) { ++ newResult = [regex stringByReplacingMatchesInString:newResult options:0 range:NSMakeRange(0, [newResult length]) withTemplate:@"$1@im****$3"]; ++ } ++ result = [NSString stringWithString: newResult]; + } + } + NS_HANDLER +--- a/Tests/Unit/TestNSString+Utilities.m ++++ b/Tests/Unit/TestNSString+Utilities.m +@@ -108,6 +108,7 @@ + testEquals([[NSString stringWithString:@"foobar <iframe src=\"\">bar</iframe>"] stringWithoutHTMLInjection: NO], @"foobar <ifr*** src=\"\">bar</iframe>"); + testEquals([[NSString stringWithString:@"foobar <img onload=foo bar"] stringWithoutHTMLInjection: NO], @"foobar <img onl***=foo bar"); + testEquals([[NSString stringWithString:@"foobar <img onmouseover=foo bar"] stringWithoutHTMLInjection: NO], @"foobar <img onmouseo***=foo bar"); ++ testEquals([[NSString stringWithString:@"<!DOCTYPE html><html><head><style>@import url(https://foo.bar/malicious.css);.foo{background-color: red; @import url(https://bar.foo/malicious2.css);</style></head><body><table><tr><td>A</td><td>B</td><td>C</td></tr></table></body></html>"] stringWithoutHTMLInjection: NO], @"<!DOCTYPE html><html><head><style>@im**** url(https://foo.bar/malicious.css);.foo{background-color: red; @im**** url(https://bar.foo/malicious2.css);</style></head><body><table><tr><td>A</td><td>B</td><td>C</td></tr></table></body></html>"); + } + + diff -Nru sogo-5.8.0/debian/patches/CVE-2024-34462.patch sogo-5.8.0/debian/patches/CVE-2024-34462.patch --- sogo-5.8.0/debian/patches/CVE-2024-34462.patch 1970-01-01 01:00:00.000000000 +0100 +++ sogo-5.8.0/debian/patches/CVE-2024-34462.patch 2026-01-04 17:27:30.000000000 +0100 
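Review bot: The new `@import` pattern joins the style tag and the at-rule with `.*`, but the regex is built with `NSRegularExpressionCaseInsensitive` only, and without `NSRegularExpressionDotMatchesLineSeparators` a `.` stops at a line terminator. Unless the string is flattened to one line earlier in `stringWithoutHTMLInjection:` (the method body is outside this hunk), the rewrite would only apply to style elements written on a single line, which is also the only shape the added unit test covers. I would pass `options: NSRegularExpressionCaseInsensitive | NSRegularExpressionDotMatchesLineSeparators` and add a test whose style element spans several lines. The loop also runs `numberOfMatchesInString:` and `stringByReplacingMatchesInString:` over the whole body on every pass, so a short comment such as `// terminates: each pass rewrites at least one @import to @im****` would help the next reader.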
@@ -0,0 +1,113 @@ +Description: CVE-2024-34462 - XSS during attachment preview +Origin: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071163 + +From 2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 Mon Sep 17 00:00:00 2001 +From: Hivert Quentin <[email protected]> +Date: Wed, 3 Apr 2024 17:34:16 +0200 +Subject: [PATCH] fix(vulnerability): prevent cross-site scripting when + previewing attachments + +--- + SoObjects/Mailer/SOGoMailBodyPart.m | 85 +++++++++++++++-------------- + 1 file changed, 45 insertions(+), 40 deletions(-) + +diff --git a/SoObjects/Mailer/SOGoMailBodyPart.m b/SoObjects/Mailer/SOGoMailBodyPart.m +index 7317869232..1f043d335c 100644 +--- a/SoObjects/Mailer/SOGoMailBodyPart.m ++++ b/SoObjects/Mailer/SOGoMailBodyPart.m +@@ -500,49 +500,54 @@ - (id) GETAction: (WOContext *) localContext + + error = [self matchesRequestConditionInContext: localContext]; + if (error) +- { +- response = error; /* return 304 or 416 */ +- } ++ { ++ response = error; /* return 304 or 416 */ ++ } + else +- { +-// [self debugWithFormat: @"should fetch body part: %@", ++ { ++// [self debugWithFormat: @"should fetch body part: %@", + // [self bodyPartIdentifier]]; +- data = [self fetchBLOB]; +- if (data) +- { +-// [self debugWithFormat:@" fetched %d bytes: %@", [data length], +-// [self partInfo]]; +- +- response = [localContext response]; +- mimeType = [self davContentType]; +- if ([mimeType isEqualToString: @"application/x-xpinstall"]) +- mimeType = @"application/octet-stream"; +- else if (!asAttachment) +- mimeType = [self contentTypeForBodyPartInfo: [self partInfo]]; +- +- [response setHeader: mimeType forKey: @"content-type"]; +- [response setHeader: [NSString stringWithFormat:@"%d", (int)[data length]] +- forKey: @"content-length"]; +- +- if (asAttachment) +- { +- fileName = [self filename]; +- if ([fileName length]) +- [response setHeader: [NSString stringWithFormat: @"attachment; 
filename*=\"utf-8''%@\"", +- [fileName stringByEscapingURL]] +- forKey: @"content-disposition"]; +- } +- +- etag = [self davEntityTag]; +- if (etag) +- [response setHeader: etag forKey: @"etag"]; +- +- [response setContent: data]; +- } ++ data = [self fetchBLOB]; ++ if (data) ++ { ++// [self debugWithFormat:@" fetched %d bytes: %@", [data length], ++// [self partInfo]]; ++ ++ response = [localContext response]; ++ mimeType = [self davContentType]; ++ ++ if ([mimeType isEqualToString: @"application/x-xpinstall"]) ++ mimeType = @"application/octet-stream"; ++ else if (!asAttachment) ++ mimeType = [self contentTypeForBodyPartInfo: [self partInfo]]; ++ ++ if([mimeType rangeOfString:@"xml"].location != NSNotFound || [mimeType rangeOfString:@"html"].location != NSNotFound ++ || [mimeType rangeOfString:@"css"].location != NSNotFound || [mimeType rangeOfString:@"javascript"].location != NSNotFound) ++ [response setHeader: @"text/plain" forKey: @"content-type"]; + else +- response = [NSException exceptionWithHTTPStatus: 404 /* not found */ +- reason: @"did not find body part"]; +- } ++ [response setHeader: mimeType forKey: @"content-type"]; ++ ++ [response setHeader: [NSString stringWithFormat:@"%d", (int)[data length]] forKey: @"content-length"]; ++ ++ if (asAttachment) ++ { ++ fileName = [self filename]; ++ if ([fileName length]) ++ [response setHeader: [NSString stringWithFormat: @"attachment; filename*=\"utf-8''%@\"", ++ [fileName stringByEscapingURL]] ++ forKey: @"content-disposition"]; ++ } ++ ++ etag = [self davEntityTag]; ++ if (etag) ++ [response setHeader: etag forKey: @"etag"]; ++ ++ [response setContent: data]; ++ } ++ else ++ response = [NSException exceptionWithHTTPStatus: 404 /* not found */ ++ reason: @"did not find body part"]; ++ } + + return response; + } diff -Nru sogo-5.8.0/debian/patches/CVE-2024-48104.patch sogo-5.8.0/debian/patches/CVE-2024-48104.patch --- sogo-5.8.0/debian/patches/CVE-2024-48104.patch 1970-01-01 01:00:00.000000000 +0100 +++ 
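Review bot: The new content-type check uses `rangeOfString:` without options, which is case-sensitive, while media type names are case-insensitive. Whether `davContentType` and `contentTypeForBodyPartInfo:` always return lower-case values is not visible in this hunk, so I would test a lower-cased copy, e.g. `[[mimeType lowercaseString] rangeOfString: @"html"].location != NSNotFound`, for each of the four substrings. Since the response is now deliberately downgraded to `text/plain`, also consider `[response setHeader: @"nosniff" forKey: @"x-content-type-options"];` next to it so the browser keeps that type. `GETAction:` starts before the hunk.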
sogo-5.8.0/debian/patches/CVE-2024-48104.patch 2026-01-04 17:27:30.000000000 +0100 @@ -0,0 +1,50 @@ +Description: CVE-2023-48104 - HTML Injection +Origin: https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060925 + + +From 7481ccf37087c3f456d7e5a844da01d0f8883098 Mon Sep 17 00:00:00 2001 +From: Hivert Quentin <[email protected]> +Date: Mon, 6 Nov 2023 14:04:53 +0100 +Subject: [PATCH] fix(hmtl): prevent html injection of tag form + +--- + SoObjects/SOGo/NSString+Utilities.m | 12 ++++++++++++ + Tests/Unit/TestNSString+Utilities.m | 1 + + 2 files changed, 13 insertions(+) + +diff --git a/SoObjects/SOGo/NSString+Utilities.m b/SoObjects/SOGo/NSString+Utilities.m +index 682be7e718..cf722d9238 100644 +--- a/SoObjects/SOGo/NSString+Utilities.m ++++ b/SoObjects/SOGo/NSString+Utilities.m +@@ -979,6 +979,18 @@ - (NSString *) stringWithoutHTMLInjection: (BOOL)stripHTMLCode + newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"<ifr***"]; + result = [NSString stringWithString: newResult]; + ++ // Remove <form ++ regex = [NSRegularExpression regularExpressionWithPattern:@"<[\\s\\u200B	

\\\\0]*f[\\s\\u200B	

\\\\0]*o[\\s\\u200B	

\\\\0]*r[\\s\\u200B	

\\\\0]*m" ++ options: NSRegularExpressionCaseInsensitive error:&error]; ++ newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"<for*"]; ++ result = [NSString stringWithString: newResult]; ++ ++ // Remove </form ++ regex = [NSRegularExpression regularExpressionWithPattern:@"<[\\s\\u200B	

\\\\0]*/[\\s\\u200B	

\\\\0]*f[\\s\\u200B	

\\\\0]*o[\\s\\u200B	

\\\\0]*r[\\s\\u200B	

\\\\0]*m" ++ options: NSRegularExpressionCaseInsensitive error:&error]; ++ newResult = [regex stringByReplacingMatchesInString:result options:0 range:NSMakeRange(0, [result length]) withTemplate:@"</for*"]; ++ result = [NSString stringWithString: newResult]; ++ + // Remove onload + regex = [NSRegularExpression regularExpressionWithPattern:@"onload=" + options: NSRegularExpressionCaseInsensitive error:&error]; +diff --git a/Tests/Unit/TestNSString+Utilities.m b/Tests/Unit/TestNSString+Utilities.m +index caf244c673..e0698caaf6 100644 +--- a/Tests/Unit/TestNSString+Utilities.m ++++ b/Tests/Unit/TestNSString+Utilities.m +@@ -105,6 +105,7 @@ - (void) test_stringWithoutHTMLInjection + testEquals([[NSString stringWithString:@"<img vbscript:test"] stringWithoutHTMLInjection: NO], @"<img test"); + testEquals([[NSString stringWithString:@"<img javascript:test"] stringWithoutHTMLInjection: NO], @"<img test"); + testEquals([[NSString stringWithString:@"<img livescript:test"] stringWithoutHTMLInjection: NO], @"<img test"); ++ testEquals([[NSString stringWithString:@"foobar <form action=\"\">bar</form>"] stringWithoutHTMLInjection: NO], @"foobar <for* action=\"\">bar</for*>"); + testEquals([[NSString stringWithString:@"foobar <iframe src=\"\">bar</iframe>"] stringWithoutHTMLInjection: NO], @"foobar <ifr*** src=\"\">bar</iframe>"); + testEquals([[NSString stringWithString:@"foobar <img onload=foo bar"] stringWithoutHTMLInjection: NO], @"foobar <img onl***=foo bar"); + testEquals([[NSString stringWithString:@"foobar <img onmouseover=foo bar"] stringWithoutHTMLInjection: NO], @"foobar <img onmouseo***=foo bar"); diff -Nru sogo-5.8.0/debian/patches/CVE-2025-63498.patch sogo-5.8.0/debian/patches/CVE-2025-63498.patch --- sogo-5.8.0/debian/patches/CVE-2025-63498.patch 1970-01-01 01:00:00.000000000 +0100 +++ sogo-5.8.0/debian/patches/CVE-2025-63498.patch 2026-01-04 17:27:30.000000000 +0100 
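Review bot: The `Description:` field of this new patch file says CVE-2023-48104, while the file name `CVE-2024-48104.patch`, the `debian/changelog` entry and the `series` entry all use CVE-2024-48104. One of the two is a typo, and since the changelog line also closes #1060925, the identifier should be checked against that bug and made the same everywhere; the upstream commit date (6 Nov 2023) fits the 2023 number, but that is an inference. Once confirmed, the header would read `Description: CVE-<confirmed id> - HTML Injection`, with the file name and changelog line adjusted to match.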
@@ -0,0 +1,54 @@ +Description: CVE-2025-63498 - Cross Site Scripting (XSS) via the "userName" parameter +Origin: https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c +Bug: https://github.com/xryptoh/CVE-2025-63498 + +From 9e20190fad1a437f7e1307f0adcfe19a8d45184c Mon Sep 17 00:00:00 2001 +From: Hivert Quentin <[email protected]> +Date: Thu, 2 Oct 2025 13:37:56 +0200 +Subject: [PATCH] fix(login): Only remember the login if the auth was + successful + +--- + UI/MainUI/SOGoRootPage.m | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/UI/MainUI/SOGoRootPage.m ++++ b/UI/MainUI/SOGoRootPage.m +@@ -214,7 +214,7 @@ + + SOGoPasswordPolicyError err; + int expire, grace; +- BOOL rememberLogin, b; ++ BOOL rememberLogin, b, loginSuccess; + + err = PolicyNoError; + expire = grace = -1; +@@ -232,13 +232,15 @@ + * [WOHttpTransaction applyAdaptorHeadersWithHttpRequest] */ + remoteHost = [request headerForKey:@"x-webobjects-remote-host"]; + +- if ((b = [auth checkLogin: username password: password domain: &domain +- perr: &err expire: &expire grace: &grace useCache: NO]) ++ loginSuccess = [auth checkLogin: username password: password domain: &domain ++ perr: &err expire: &expire grace: &grace useCache: NO] + && (err == PolicyNoError) + // no password policy + && ((expire < 0 && grace < 0) // no password policy or everything is alright + || (expire < 0 && grace > 0) // password expired, grace still permits login +- || (expire >= 0 && grace == -1))) // password about to expire OR ppolicy activated and passwd never changed ++ || (expire >= 0 && grace == -1)); // password about to expire OR ppolicy activated and passwd never changed ++ ++ if (loginSuccess) + { + NSMutableDictionary *json = [NSMutableDictionary dictionary]; + +@@ -373,7 +375,8 @@ + response = [self _responseWithLDAPPolicyError: err]; + } + +- if (rememberLogin) ++ //Only remember login If the auth was succesful... 
++ if (rememberLogin && loginSuccess) + [response addCookie: [self _cookieWithUsername: [params objectForKey: @"userName"]]]; + else + [response addCookie: [self _cookieWithUsername: nil]]; diff -Nru sogo-5.8.0/debian/patches/CVE-2025-63499.patch sogo-5.8.0/debian/patches/CVE-2025-63499.patch --- sogo-5.8.0/debian/patches/CVE-2025-63499.patch 1970-01-01 01:00:00.000000000 +0100 +++ sogo-5.8.0/debian/patches/CVE-2025-63499.patch 2026-01-04 17:27:30.000000000 +0100 
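Review bot: In the last hunk the cookie is still built from the raw request value `[params objectForKey: @"userName"]`; the new `loginSuccess` guard only limits when that happens. The code that reads the cookie back and renders it is outside this diff, so it is worth confirming that it encodes the value on output, as a guard that does not depend on the login result. `b` stays in the declaration `BOOL rememberLogin, b, loginSuccess;` although the assignment to it is removed here; if nothing else in the method uses it, drop it. The added comment could read `// Only remember the login if authentication succeeded`.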
@@ -0,0 +1,40 @@ +Description: CVE-2025-63499 - Reflected XSS Vulnerability +Origin: https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb +Bug: https://github.com/poblaguev-tot/CVE-2025-63499 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121952 + +From 16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb Mon Sep 17 00:00:00 2001 +From: Hivert Quentin <[email protected]> +Date: Wed, 26 Nov 2025 13:22:38 +0100 +Subject: [PATCH] fix(vulnerability): prevent sogo to execute scripts pass in + theme query + +--- + UI/SOGoUI/UIxComponent.m | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/UI/SOGoUI/UIxComponent.m b/UI/SOGoUI/UIxComponent.m +index a8658e772b..012d6edea7 100644 +--- a/UI/SOGoUI/UIxComponent.m ++++ b/UI/SOGoUI/UIxComponent.m +@@ -395,14 +395,18 @@ - (NSString *) ownPath + + - (NSString *) relativePathToUserFolderSubPath: (NSString *) _sub + { +- NSString *dst, *rel, *theme; ++ NSString *dst, *rel, *theme, *safeTheme; + + dst = [[self userFolderPath] stringByAppendingPathComponent: _sub]; + rel = [dst urlPathRelativeToPath:[self ownPath]]; + + theme = [[context request] formValueForKey: @"theme"]; + if ([theme length]) +- rel = [NSString stringWithFormat: @"%@?theme=%@", rel, theme]; ++ { ++ safeTheme = [theme stringWithoutHTMLInjection: YES]; ++ if([safeTheme isEqualToString: theme]) ++ rel = [NSString stringWithFormat: @"%@?theme=%@", rel, theme]; ++ } + + return rel; + } diff -Nru sogo-5.8.0/debian/patches/security_wstg-inpv-02_nsexception_fix.patch sogo-5.8.0/debian/patches/security_wstg-inpv-02_nsexception_fix.patch --- sogo-5.8.0/debian/patches/security_wstg-inpv-02_nsexception_fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ sogo-5.8.0/debian/patches/security_wstg-inpv-02_nsexception_fix.patch 2026-01-04 17:24:57.000000000 +0100 
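Review bot: `theme` is still written into the query string as-is in `rel = [NSString stringWithFormat: @"%@?theme=%@", rel, theme];`; the new `isEqualToString:` test only establishes that `stringWithoutHTMLInjection: YES` left the value unchanged, not that it is safe inside a URL. Characters that the sanitizer does not rewrite but that have meaning in a URL (for instance `&` or `#`) would presumably still pass through; what exactly the sanitizer strips is decided outside this hunk. Percent-encoding the value, `rel = [NSString stringWithFormat: @"%@?theme=%@", rel, [theme stringByEscapingURL]];`, or accepting only known theme names would make the check independent of the sanitizer's pattern list. A rejected value is dropped silently, so a one-line comment saying that this is intended would help.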
@@ -0,0 +1,27 @@ +Description: fix(security): Security fix for WSTG-INPV-02. + Fix Crash / NSException where mailIdentities is invalid on init. +Bug: https://bugs.sogo.nu/view.php?id=5651 + +commit fe9ae12e46a151ee5989ed1f0009bb81611a46bd +Author: smizrahi <[email protected]> +Date: Mon Dec 5 11:45:45 2022 +0100 + + fix(security): Security fix for WSTG-INPV-02. Fix NSException where tried to modify NSDictionary. Closes #5651. + +diff --git a/SoObjects/SOGo/SOGoUserDefaults.m b/SoObjects/SOGo/SOGoUserDefaults.m +index 357f8ebe6..5073e29b2 100644 +--- a/SoObjects/SOGo/SOGoUserDefaults.m ++++ b/SoObjects/SOGo/SOGoUserDefaults.m +@@ -805,9 +805,9 @@ NSString *SOGoPasswordRecoverySecondaryEmail = @"SecondaryEmail"; + // Remove possible XSS injection + mailIdentities = [NSMutableArray arrayWithArray: [self arrayForKey: @"SOGoMailIdentities"]]; + for (i = 0 ; i < [mailIdentities length] ; i++) { +- mailIdentity = [mailIdentities objectAtIndex: i]; +- if (mailIdentity && [mailIdentity objectForKey: @"fullName"] && [[self arrayForKey: @"SOGoMailIdentities"] isKindOfClass: [NSString class]]) { +- fullName = [NSString stringWithString: [self arrayForKey: @"SOGoMailIdentities"]]; ++ mailIdentity = [NSMutableDictionary dictionaryWithDictionary: [mailIdentities objectAtIndex: i]]; ++ if (mailIdentity && [mailIdentity objectForKey: @"fullName"]) { ++ fullName = [NSString stringWithString: [mailIdentity objectForKey: @"fullName"]]; + if (fullName) { + [mailIdentity setObject: [fullName stringWithoutHTMLInjection: YES] forKey: @"fullName"]; + [mailIdentities setObject: mailIdentity atIndexedSubscript: i]; diff -Nru sogo-5.8.0/debian/patches/series sogo-5.8.0/debian/patches/series --- sogo-5.8.0/debian/patches/series 2022-12-01 11:42:05.000000000 +0100 +++ sogo-5.8.0/debian/patches/series 2025-12-25 17:50:20.000000000 +0100 
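Review bot: The rewritten loop body no longer checks any types: `[NSMutableDictionary dictionaryWithDictionary: [mailIdentities objectAtIndex: i]]` and `[NSString stringWithString: [mailIdentity objectForKey: @"fullName"]]` both assume the stored preference has the expected shape. As this patch is meant to stop an NSException on invalid `SOGoMailIdentities`, an entry that is not a dictionary, or a `fullName` that is not a string, should be skipped rather than passed to these constructors, e.g. by guarding with `[[mailIdentities objectAtIndex: i] isKindOfClass: [NSDictionary class]]` and `[[mailIdentity objectForKey: @"fullName"] isKindOfClass: [NSString class]]`. The `mailIdentity &&` test is now always true and can go. The unchanged context line sends `length` to the array built by `arrayWithArray:`; `count` looks intended there, which is worth checking against upstream. The enclosing method starts and ends outside the hunk.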
@@ -9,3 +9,9 @@ 0008-Unset-MAKEFLAGS-and-MFLAGS-in-configure.patch 0009-Omit-signedViewer-altogether-when-not-using-openssl.patch python3.patch +security_wstg-inpv-02_nsexception_fix.patch +CVE-2025-63499.patch +CVE-2025-63498.patch +CVE-2024-34462.patch +CVE-2024-24510.patch +CVE-2024-48104.patch

