[Git][security-tracker-team/security-tracker][master] Add new sogo issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 14 08:40:19 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b64b22dd by Salvatore Bonaccorso at 2026-05-14T09:39:50+02:00
Add new sogo issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2026-8496 (A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, vers ...)
-	TODO: check
+	- sogo 5.12.8-1
+	NOTE: https://github.com/Alinto/sogo/commit/67ce01ec2a1a7854d8e9f615dd65afb949043e8 (SOGo-5.12.8)
 CVE-2026-8466 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2026-8369 (Improper Input Validation in the NAT64 translator in The OpenThread Au ...)
@@ -81,9 +82,11 @@ CVE-2026-4527 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
 CVE-2026-4524 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-46446 (SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext  ...)
-	TODO: check
+	- sogo 5.12.7-1
+	NOTE: https://github.com/Alinto/sogo/commit/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21 (SOGo-5.12.7)
 CVE-2026-46445 (SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.)
-	TODO: check
+	- sogo 5.12.7-1
+	NOTE: https://github.com/Alinto/sogo/commit/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21 (SOGo-5.12.7)
 CVE-2026-46419 (Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2. ...)
 	TODO: check
 CVE-2026-45740 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b64b22dd097e7ea73cd0a55e69cf831b151732ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b64b22dd097e7ea73cd0a55e69cf831b151732ea
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260514/87f583bf/attachment.htm>

More information about the debian-security-tracker-commits mailing list