Source: sogo
Version: 5.12.1-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/Alinto/sope/pull/69
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 5.8.0-1
Control: tags -1 + bookworm trixie sid

Hi,

The following vulnerability was published for sogo.

CVE-2025-53603[0]:
| In Alinto SOPE SOGo 2.0.2 through 5.12.2,
| sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and
| SOGo crash via a request in which a parameter in the query string is
| a duplicate of a parameter in the POST body.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-53603
    https://www.cve.org/CVERecord?id=CVE-2025-53603
[1] https://github.com/Alinto/sope/pull/69
[2] https://www.openwall.com/lists/oss-security/2025/07/02/3

Regards,
Salvatore
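
A detection check for the request shape named in the CVE description, added here as an example; it is not part of the original report and is not SOGo or SOPE code. It flags POST requests in which a parameter name appears in both the query string and the body. It assumes `application/x-www-form-urlencoded` bodies only (multipart is not parsed), and the function names, request fields and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

FORM_TYPE = "application/x-www-form-urlencoded"

def duplicated_params(target, content_type, body):
    """Names present in both the query string and a form-encoded body."""
    # Assumption: only form-encoded bodies are inspected; other types return [].
    if content_type.split(";", 1)[0].strip().lower() != FORM_TYPE:
        return []
    # parse_qsl percent-decodes names, so "us%65r" and "user" compare equal.
    query = {k for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)}
    form = {k for k, _ in parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)}
    return sorted(query & form)

def flag_requests(requests):
    """Return (request id, duplicated names) for each POST that matches."""
    hits = []
    for req in requests:
        if req["method"].upper() != "POST":
            continue
        names = duplicated_params(req["target"], req.get("content_type", ""), req.get("body", b""))
        if names:
            hits.append((req["id"], names))
    return hits

# Constructed sample requests (hypothetical paths and fields, not real SOGo traffic).
SAMPLE_REQUESTS = [
    {"id": "r1", "method": "POST", "target": "/app/login?lang=en",
     "content_type": FORM_TYPE, "body": b"user=alice&pw=x"},
    {"id": "r2", "method": "POST", "target": "/app/login?user=alice",
     "content_type": FORM_TYPE + "; charset=UTF-8", "body": b"user=bob&pw=x"},
    {"id": "r3", "method": "GET", "target": "/app/list?user=alice",
     "content_type": "", "body": b""},
    {"id": "r4", "method": "POST", "target": "/app/login?us%65r=alice",
     "content_type": FORM_TYPE, "body": b"user=bob"},
    {"id": "r5", "method": "POST", "target": "/app/api?user=alice",
     "content_type": "application/json", "body": b'{"user": "bob"}'},
]

if __name__ == "__main__":
    for req_id, names in flag_requests(SAMPLE_REQUESTS):
        print(f"{req_id}: duplicated in query string and body: {', '.join(names)}")
```

Matches are a signal for review on unpatched hosts rather than proof of a crash attempt, since some clients repeat a parameter in both places for benign reasons.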