[Git][security-tracker-team/security-tracker][master] Add CVE-2025-66568 and reference relation to CVE-2025-25293

Salvatore Bonaccorso (@carnil) Wed, 18 Feb 2026 13:48:56 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1407f05a by Salvatore Bonaccorso at 2026-02-18T22:48:10+01:00
Add CVE-2025-66568 and reference relation to CVE-2025-25293

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30776,7 +30776,9 @@ CVE-2025-66622 (matrix-sdk-base is the base component 
to build a Matrix client l
 CVE-2025-66578 (xmlseclibs is a library written in PHP for working with XML 
Encryption ...)
        TODO: check
 CVE-2025-66568 (The ruby-saml library implements the client side of an SAML 
authorizat ...)
-       TODO: check
+        - ruby-saml <not-affected> (Incomplte fix for CVE-2025-25293 not 
applied)
+       NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4
+       NOTE: Fixed by: 
https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
 (v1.18.0)
 CVE-2025-66567 (The ruby-saml library is for implementing the client side of a 
SAML au ...)
        - ruby-saml <not-affected> (Incomplte fix for CVE-2025-25292 not 
applied)
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3
@@ -119801,6 +119803,7 @@ CVE-2025-25293 (ruby-saml provides security assertion 
markup language (SAML) sin
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72
 (v1.13.0)
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
 (v1.18.0)
        NOTE: The MAX_BYTE_SIZE check is too late, leaving CVE-2025-54572 
unfixed.
+       NOTE: When  fixing this issue with the v1.12.4 commit the issue is 
incompletely fixed opening up CVE-2025-66568
 CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) 
single si ...)
        {DLA-4115-1}
        - ruby-saml <removed> (bug #1100441)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1407f05a1cdd861e87289c70b835d75cd76c524e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1407f05a1cdd861e87289c70b835d75cd76c524e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2025-66568 and reference relation to CVE-2025-25293

Reply via email to