Tryton-Server and Sogo updates for Debian

Debian 10705 Published by

Debian has released security updates for two Debian GNU/Linux 11 (Bullseye) LTS packages: tryton-server and sogo. Tryton-server was vulnerable to information disclosure, but this issue has been fixed in version 5.0.33-2+deb11u4. Sogo, on the other hand, had a Cross-Site Scripting (XSS) vulnerability that allowed arbitrary JavaScript to be executed via the "userName" parameter, but this problem was addressed in version 5.0.1-4+deb11u2. Both packages are recommended to be upgraded to their respective fixed versions to ensure system security.

[DLA 4387-1] tryton-server security update
[DLA 4386-1] sogo security update




[SECURITY] [DLA 4387-1] tryton-server security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4387-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
November 28, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : tryton-server
Version : 5.0.33-2+deb11u4
CVE ID : not yet available
Debian Bug : 1121242 1121243

Several security vulnerabilities were discovered in the server of the
Tryton application platform, which could lead to information disclosure.

For Debian 11 bullseye, these problems have been fixed in version
5.0.33-2+deb11u4.

We recommend that you upgrade your tryton-server packages.

For the detailed security status of tryton-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4386-1] sogo security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4386-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Paride Legovini
November 28, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : sogo
Version : 5.0.1-4+deb11u2
CVE ID : CVE-2025-63498
Debian Bug :

The SOGo groupware server is vulnerable to Cross Site Scripting (XSS) via the
"userName" parameter, allowing arbitrary JavaScript to be executed when a user
visits the authentication page.

For Debian 11 bullseye, this problem has been fixed in version
5.0.1-4+deb11u2.

We recommend that you upgrade your sogo packages.

For the detailed security status of sogo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sogo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


EDK II update for Ubuntu

FlyOOBE 2.2 released

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...