[Git][security-tracker-team/security-tracker][master] CVE-2025-66516/tika: bullseye fixed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri Jan 2 12:29:35 GMT 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a7d325a by Sylvain Beucler at 2026-01-02T13:29:12+01:00
CVE-2025-66516/tika: bullseye fixed

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13738,6 +13738,7 @@ CVE-2025-8074 (Origin validation error vulnerability in BeeDrive in Synology Bee
 CVE-2025-66516 (Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2 ...)
 	- tika <unfixed> (bug #1121954)
 	NOTE: https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k
+	NOTE: Same vulnerability as CVE-2025-54988, fixes confusion in its announcement.
 CVE-2025-66373 (Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunke ...)
 	NOT-FOR-US: Akamai
 CVE-2025-65958 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)


=====================================
data/DLA/list
=====================================
@@ -239,7 +239,7 @@
 	{CVE-2025-11708 CVE-2025-11709 CVE-2025-11710 CVE-2025-11711 CVE-2025-11712 CVE-2025-11714 CVE-2025-11715}
 	[bullseye] - thunderbird 1:140.4.0esr-1~deb11u1
 [26 Oct 2025] DLA-4350-1 tika - security update
-	{CVE-2025-54988}
+	{CVE-2025-54988 CVE-2025-66516}
 	[bullseye] - tika 1.22-2+deb11u1
 [26 Oct 2025] DLA-4349-1 request-tracker4 - security update
 	{CVE-2025-61873}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a7d325a78629b3d83aea473d6f8e6f6bed6f356

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a7d325a78629b3d83aea473d6f8e6f6bed6f356
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/6f440a1b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list