[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-66567

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 18 19:55:35 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09017835 by Salvatore Bonaccorso at 2026-02-18T20:55:09+01:00
Update status for CVE-2025-66567

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30519,7 +30519,9 @@ CVE-2025-66578 (xmlseclibs is a library written in PHP for working with XML Encr
 CVE-2025-66568 (The ruby-saml library implements the client side of an SAML authorizat ...)
 	TODO: check
 CVE-2025-66567 (The ruby-saml library is for implementing the client side of a SAML au ...)
-	TODO: check
+	- ruby-saml <not-affected> (Incomplte fix for CVE-2025-25292 not applied)
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3
+	NOTE: Fixed by: https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (v1.18.0)
 CVE-2025-66565 (Fiber Utils is a collection of common functions created for Fiber. In  ...)
 	NOT-FOR-US: Fiber Utils (gofiber)
 CVE-2025-66508 (1Panel is an open-source, web-based control panel for Linux server man ...)
@@ -119544,6 +119546,7 @@ CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) sin
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (v1.18.0)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9 (v1.12.4)
+	NOTE: When fixing this issue with the v1.12.4 the issue is incompletely fixed opening up CVE-2025-66567
 CVE-2025-25291 (ruby-saml provides security assertion markup language (SAML) single si ...)
 	{DLA-4115-1}
 	- ruby-saml <removed> (bug #1100441)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09017835bfecda05286ebd62c709af5b570730c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09017835bfecda05286ebd62c709af5b570730c8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260218/4a1d54f4/attachment.htm>

More information about the debian-security-tracker-commits mailing list