• Bug#1108798: sogo: CVE-2025-53603

    From Salvatore Bonaccorso@21:1/5 to All on Sat Jul 5 11:20:01 2025
    Source: sogo
    Version: 5.12.1-2
    Severity: grave
    Tags: security upstream
    Forwarded: https://github.com/Alinto/sope/pull/69
    X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
    Control: found -1 5.8.0-1
    Control: tags -1 + bookworm trixie sid

    Hi,

    The following vulnerability was published for sogo.

    CVE-2025-53603[0]:
    | In Alinto SOPE SOGo 2.0.2 through 5.12.2,
    | sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and
    | SOGo crash via a request in which a parameter in the query string is
    | a duplicate of a parameter in the POST body.


    If you fix the vulnerability, please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-53603
    https://www.cve.org/CVERecord?id=CVE-2025-53603
    [1] https://github.com/Alinto/sope/pull/69
    [2] https://www.openwall.com/lists/oss-security/2025/07/02/3

    Regards,
    Salvatore

  • From Debian Bug Tracking System@21:1/5 to All on Tue Jul 22 23:40:01 2025

    Your message dated Tue, 22 Jul 2025 21:36:49 +0000
    with message-id <[email protected]>
    and subject line Bug#1108798: fixed in sope 5.12.1-2
    has caused the Debian Bug report #1108798,
    regarding sogo: CVE-2025-53603
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1108798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108798
    Debian Bug Tracking System
    Contact [email protected] with problems
