-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6039-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 26, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : openjdk-25 CVE ID : CVE-2025-53057 CVE-2025-53066 CVE-2025-61748 Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect string equality checks, XML XXE/XEE attacks or incorrect certificate validation. For the stable distribution (trixie), these problems have been fixed in version 25.0.1+8-1~deb13u1. We recommend that you upgrade your openjdk-25 packages. For the detailed security status of openjdk-25 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-25 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmj+ZDAACgkQEMKTtsN8 TjajJw//ffhvKQvoTAph7W0gRct4hALa9ChWF+XUjxlhoG0QJwlD7IQK5ZnyObL1 lkfj+ogjXtSAoUUQiqNpH6kSyGPWMAwSCc9xyOCrR62q0D0mfqQVC1ZGvUn84HeF 32r2jsUQ1NLJ1bv1UYFhIy2yL5+rUhBFp9gB0sRTNr+wC7FroA6j1UEMrIztIo82 SIyXQ0Uynt+X7+N+gh7OAwwUtaAoaNXCeQrTuIc3LC/CCEkPyYixZBZloMzn/7AM 4TJJvNg30hrdaCsGQ9dkA11lf6MYQoAkYazpYskQeYbKzmhJ8whlRgzHF6K7mSJe Mos9oYUbIJwgR+7FvqCIMEsrdXs6FfexknoZkRkQmHzWkLGnC+q7odKuDAIyQ7fU Qq4Ferq6eruWAim1E0wWV+2DRzDtoGpgpI1F8nmnul1ajHRgSUBZ4h8vyLatMLEL ORuqFHnu8Zc1Lw3dUeP7NYc/lhg05JbTn3Xfx8vlVXTtm8AH8b0w8i/R0BgGVTd8 f7/NhlvA3jnlwToMsohfhP8/ZaE4gsAQeccd3KtbVqMgDmwBfob8LopCakSf2Ncx 2XcCi5GCxhqtHEqGGibZVGfsqwtQANbaHj5DC+ySrMZIUVvL8A0JXoaJmOgt9NmJ aiPiOyaJifN93DaM6StzQI4ujLm8+4Zfi5MhpPhHS1S+5ZUydDI= =zgc4 -----END PGP SIGNATURE-----
