-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6037-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 24, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : openjdk-21 CVE ID : CVE-2025-53057 CVE-2025-53066 CVE-2025-61748 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect string equality checks, XML XXE/XEE attacks or incorrect certificate validation. For the stable distribution (trixie), these problems have been fixed in version 21.0.9+10-1~deb13u1. We recommend that you upgrade your openjdk-21 packages. For the detailed security status of openjdk-21 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-21 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmj73KQACgkQEMKTtsN8 TjZeTA/9E8XwW6M7teZVOTxMeqTwGF82XX8k0mKABV6NyswipmDTSZHLleOdS3xK eet8bE09E7JyKipQ9LzVCOOdeypf4UsphBpPY0c7OOaNB+17VBm/sUonqlfaMzHc jhCxPaoaf7CE1t+IN9VOwyr5C8vREUMynpx/OAe4r0rNRD3SWk9etFeRFhhLd7vG XpWwWkDEsB40wys1zTKVPhnDA2aU5qtUwyTFUwM8xckwgRO4pW07/ay/P0OrkU+1 rtXnKOWn71RfiDMbSRav71hmt4SjXEa/hcqeZBvTWDkDHsP8i2g1r4QhVBXkJm9U +9Pi5Hqy6QloY8ccIetaj5+R0lG3TXvkVG6pC7RvLbzpzSkLEXtAH4fBK/fPMeVS HBUmzfOleW++XGck08E4FhdaC+RW+IIk1JlECmAe45iu3Q76+sxbTkihuzOpVZvT ENZLdDhSRv/ZlbBl7DwjE7VVq5sdGyU4U9Oz0sIeQFnoKHKsbI/0m2m7DduktBCu 9KVSRpWX8SHoBON83QuLlCnBbsJiBMwLJ3edxNIvY7rznOftJNbl2C9WJGEn44nm fSuCetIpOn9t+sEjef6nYY6u7gzMyUb5S0iehoPnReiTmcuxHYIa2UoYRsM61n+O 7Qa57Op5bynCm7+P9AfmuxKntGAdXIfsZ0Y7zxKWMIVKXAYasMY= =Vrb/ -----END PGP SIGNATURE-----
