OESA-2025-1987

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1987

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1987.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1987

Upstream

CVE-2025-7962

Published

2025-08-08T11:16:51Z

Modified

2025-08-13T09:18:52.538758Z

Summary

jakarta-mail security update

Details

The Jakarta Mail API provides a platform-independent and protocol-independent framework to build mail and messaging applications.

Security Fix(es):

A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic.The CWE definition for the vulnerability is CWE-147. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.As an impact it is known to affect confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-7962)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:24.03-LTS-SP1 / jakarta-mail

Package

Name: jakarta-mail
Purl: pkg:rpm/openEuler/jakarta-mail&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.7-4.oe2403sp1

Ecosystem specific

{
    "noarch": [
        "jakarta-mail-1.6.7-4.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "jakarta-mail-1.6.7-4.oe2403sp1.src.rpm"
    ]
}