It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks. For the oldstable distribution (buster), this problem has been fixed in version 4.0.7-1+deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 5.0.1-4+deb11u1. We recommend that you upgrade your sogo packages. For the detailed security status of sogo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sogo
It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks.
For the oldstable distribution (buster), this problem has been fixed in version 4.0.7-1+deb10u2.
For the stable distribution (bullseye), this problem has been fixed in version 5.0.1-4+deb11u1.
We recommend that you upgrade your sogo packages.
For the detailed security status of sogo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sogo