| Release | Version |
|---|---|
| bullseye | 5.0.1-4+deb11u1 |
| bookworm | 5.8.0-1 |
| trixie | 5.12.1-1 |
| sid | 5.12.1-1 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2024-34462 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | Alinto SOGo through 5.10.0 allows XSS during attachment preview. |
| CVE-2024-24510 | vulnerable | vulnerable | fixed | fixed | Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows ... |
| CVE-2023-48104 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. |
| CVE-2022-4558 | vulnerable (no DSA) | fixed | fixed | fixed | A vulnerability was found in Alinto SOGo up to 5.7.1. It has been clas ... |
| CVE-2022-4556 | vulnerable (no DSA) | fixed | fixed | fixed | A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ... |
| Bug | Description |
|---|---|
| TEMP-0000000-BD3902 | sogo SOGoForbidUnknownDomainsAuth issue |
| CVE-2021-33054 | SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ... |
| CVE-2020-22402 | Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 ... |
| CVE-2016-6191 | Multiple cross-site scripting (XSS) vulnerabilities in the View Raw So ... |
| CVE-2016-6190 | SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to th ... |
| CVE-2016-6189 | Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows ... |
| CVE-2016-6188 | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of ... |
| CVE-2015-5395 | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. |
| CVE-2014-9905 | Multiple cross-site scripting (XSS) vulnerabilities in the Web Calenda ... |
| DSA / DLA | Description |
|---|---|
| DSA-5029-1 | sogo - security update |
| DLA-2707-1 | sogo - security update |