[Git][security-tracker-team/security-tracker][master] Mark sogo as no-dsa for trixie and bookworm

Wed Dec 31 08:54:33 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20de0a34 by Salvatore Bonaccorso at 2025-12-31T09:54:00+01:00
Mark sogo as no-dsa for trixie and bookworm

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13182,6 +13182,8 @@ CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. Th
 	NOT-FOR-US: open-webui
 CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
 	- sogo 5.12.4-1.2 (bug #1121952)
+	[trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+	[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: Fixed by: https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
 	NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
 CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
@@ -15509,6 +15511,8 @@ CVE-2025-63674 (An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.292
 CVE-2025-63498 (alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
 	{DLA-4386-1}
 	- sogo 5.12.4-1
+	[trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+	[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
 	NOTE: https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c (SOGo-5.12.4)
 	NOTE: https://github.com/xryptoh/CVE-2025-63498
 CVE-2025-62691 (Security Point (Windows) of MaLion and MaLionCloud contains a stack-ba ...)
@@ -155092,6 +155096,7 @@ CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable Processor
 	NOT-FOR-US: Samsung
 CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows ...)
 	- sogo 5.10.0-1
+	[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
 	[bullseye] - sogo <postponed> (Follow bookworm updates)
 	NOTE: Fixed by: https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 (SOGo-5.10.0)
 CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediat ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -71,8 +71,6 @@ runc
 --
 smb4k (carnil)
 --
-sogo
---
 sympa/oldstable
 --
 tomcat10/oldstable (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20de0a343167e89abd6d0da18506f3472a1bb207

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20de0a343167e89abd6d0da18506f3472a1bb207
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251231/80a28df7/attachment-0001.htm>
