UBUNTU-CVE-2016-6189

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2016-6189
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6189.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6189
Upstream
Published
2017-02-17T17:59:00Z
Modified
2026-01-20T16:39:06.439084Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

References

Affected packages

Ubuntu:16.04:LTS / sogo

Package

Name
sogo
Purl
pkg:deb/ubuntu/sogo@2.2.17a-1.1build1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.2.17a-1
2.2.17a-1.1
2.2.17a-1.1build1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "sogo",
            "binary_version": "2.2.17a-1.1build1"
        },
        {
            "binary_name": "sogo-common",
            "binary_version": "2.2.17a-1.1build1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6189.json"

Ubuntu:25.10 / sogo

Package

Name
sogo
Purl
pkg:deb/ubuntu/sogo@5.12.1-3?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*
5.11.2-4
5.12.1-1
5.12.1-1build2
5.12.1-2
5.12.1-3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "sogo",
            "binary_version": "5.12.1-3"
        },
        {
            "binary_name": "sogo-activesync",
            "binary_version": "5.12.1-3"
        },
        {
            "binary_name": "sogo-common",
            "binary_version": "5.12.1-3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6189.json"