[Pkg-sogo-maintainers] Sogo for Trixie
Tobias Frost
tobi at debian.org
Thu Dec 25 10:33:50 GMT 2025
Hi,
Trixie is ready [1]. debdiff attached.
I've verified that the POCs the tracker mentions stops working (they did
trigger before) in a Trixie VM.
[1] Of course the target suite needs to be adapted, whether this will be a
spu or security upload
salsa:
https://salsa.debian.org/debian/sogo/-/tree/trixie?ref_type=heads
--
tobi
On Wed, Dec 24, 2025 at 01:40:06PM +0100, Tobias Frost wrote:
> Hi,
>
> I'm currently working (for LTS) on sogo, and for that I've just uploaded
> an fix for CVE-2025-63499 to DELAYED-2 for unstable.
>
> After that I'd go for trixie, with additionally fixing CVE-2025-63498.
>
> (As the final target is providing fixes for LTS, I'll also tackle the
> open vulnerabilities for bookworm.)
>
> sogo is in dsa-needed.txt, trixies CVEs are all triaged "vulnerable",
> boowkorm's are mixed "no-dsa" and "vulnerable."
>
> As the next point release are near too, I can also do a s-p-u, or
> prepare a security upload and then hand over to you (like we did for
> libpng)
>
> Please let me know how I should proceed..
>
> --
> happy holidays,
> tobi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sogo-5.12.1-3+deb13u1.diff
Type: text/x-diff
Size: 5372 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-sogo-maintainers/attachments/20251225/95ee6281/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-sogo-maintainers/attachments/20251225/95ee6281/attachment.sig>
More information about the Pkg-sogo-maintainers
mailing list