[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2025-66516/tika

Fri, 05 Dec 2025 00:01:37 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6fbcf8af by Salvatore Bonaccorso at 2025-12-05T09:00:26+01:00
Add Debian bug reference for CVE-2025-66516/tika

- - - - -
bafe381b by Salvatore Bonaccorso at 2025-12-05T09:00:29+01:00
Add Debian bug reference for CVE-2025-63499/sogo

- - - - -
8850d683 by Salvatore Bonaccorso at 2025-12-05T09:00:31+01:00
Add Debian bug reference for CVE-2025-66453/rhino

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-9127 (A vulnerability exists in PX Enterprise whereby 
sensitive informa
 CVE-2025-8074 (Origin validation error vulnerability in BeeDrive in Synology 
BeeDrive ...)
        NOT-FOR-US: Synology
 CVE-2025-66516 (Critical XXE in Apache Tika tika-core (1.13-3.2.1), 
tika-pdf-module (2 ...)
-       - tika <unfixed>
+       - tika <unfixed> (bug #1121954)
        NOTE: https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
 CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has 
a chunke ...)
        NOT-FOR-US: Akamai
@@ -31,7 +31,7 @@ CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 and 
below is vulnerable to
 CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. 
The API  ...)
        NOT-FOR-US: open-webui
 CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
-       - sogo <unfixed>
+       - sogo <unfixed> (bug #1121952)
        NOTE: Fixed by: 
https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
        NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
 CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi 
Gateway F ...)
@@ -431,7 +431,7 @@ CVE-2025-66489 (Cal.com is open-source scheduling software. 
Prior to 5.9.8, A fl
 CVE-2025-66478
        REJECTED
 CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written 
entirely  ...)
-       - rhino <unfixed>
+       - rhino <unfixed> (bug #1121953)
        NOTE: 
https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x
 CVE-2025-66431 (WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on 
Linux a ...)
        NOT-FOR-US: WebPros Plesk



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/549cc40ac7038aef7f48054a2f7dfe5e4c1c3208...8850d6836363b7956d5f84229559c87fde938adb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/549cc40ac7038aef7f48054a2f7dfe5e4c1c3208...8850d6836363b7956d5f84229559c87fde938adb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to