[Git][security-tracker-team/security-tracker][master] Add CVE-2025-66568 and reference relation to CVE-2025-25293

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 18 21:48:45 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1407f05a by Salvatore Bonaccorso at 2026-02-18T22:48:10+01:00
Add CVE-2025-66568 and reference relation to CVE-2025-25293

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30776,7 +30776,9 @@ CVE-2025-66622 (matrix-sdk-base is the base component to build a Matrix client l
 CVE-2025-66578 (xmlseclibs is a library written in PHP for working with XML Encryption ...)
 	TODO: check
 CVE-2025-66568 (The ruby-saml library implements the client side of an SAML authorizat ...)
-	TODO: check
+	 - ruby-saml <not-affected> (Incomplte fix for CVE-2025-25293 not applied)
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4
+	NOTE: Fixed by: https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)
 CVE-2025-66567 (The ruby-saml library is for implementing the client side of a SAML au ...)
 	- ruby-saml <not-affected> (Incomplte fix for CVE-2025-25292 not applied)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3
@@ -119801,6 +119803,7 @@ CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) sin
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72 (v1.13.0)
 	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)
 	NOTE: The MAX_BYTE_SIZE check is too late, leaving CVE-2025-54572 unfixed.
+	NOTE: When  fixing this issue with the v1.12.4 commit the issue is incompletely fixed opening up CVE-2025-66568
 CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) single si ...)
 	{DLA-4115-1}
 	- ruby-saml <removed> (bug #1100441)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1407f05a1cdd861e87289c70b835d75cd76c524e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1407f05a1cdd861e87289c70b835d75cd76c524e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260218/593e7c4a/attachment.htm>

More information about the debian-security-tracker-commits mailing list