-------------------------------------------------------------------------
Debian LTS Advisory DLA-4350-1                           [email protected]
https://www.debian.org/lts/security/                      Paride Legovini
October 26, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tika
Version        : 1.22-2+deb11u1
CVE ID         : CVE-2025-54988

A vulnerability has been fixed in the tika package, which distributes the
Apache Tika content analysis toolkit. The vulnerability affects the
tika-parser-pdf-module component and allows an attacker to carry out
XML External Entity injection via a crafted XFA file inside of a PDF.
An attacker may be able to read sensitive data or trigger malicious
requests to internal resources or third-party servers.

For Debian 11 bullseye, this problem has been fixed in version
1.22-2+deb11u1.

We recommend that you upgrade your tika packages.

For the detailed security status of tika please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tika

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
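
For hosts that cannot be upgraded immediately, the following added example (not part of the advisory and not Apache Tika code) triages PDFs before they reach the parser by flagging XML streams that declare a DTD or entity in a file that references /XFA. The function names and the XML hint list are hypothetical. It assumes XFA packets have no legitimate need for a DTD, and it only decodes FlateDecode or uncompressed streams in unencrypted PDFs.

```python
import re
import zlib

# A PDF stream body sits between the "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
# DTD markers (XML keywords are case-sensitive).
DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b")
# Assumed hints that a decoded stream is XML or an XFA packet.
XML_HINTS = (b"<?xml", b"<xdp:xdp", b"<template", b"<xfa:")


def decode_stream(raw: bytes) -> bytes:
    """Inflate a FlateDecode stream; return the raw bytes if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(raw)
    except zlib.error:
        return raw


def triage(pdf: bytes) -> dict:
    """Report XML-looking streams that declare a DTD or entity."""
    bodies = [decode_stream(m.group(1)) for m in STREAM_RE.finditer(pdf)]
    findings = []
    for index, body in enumerate(bodies):
        if not any(hint in body for hint in XML_HINTS):
            continue
        markers = sorted({m.group(1).decode() for m in DTD_RE.finditer(body)})
        if markers:
            findings.append({"stream": index, "markers": markers})
    # /XFA may be in the plain body or inside a compressed object stream.
    has_xfa = b"/XFA" in pdf or any(b"/XFA" in body for body in bodies)
    return {"has_xfa": has_xfa, "findings": findings,
            "quarantine": has_xfa and bool(findings)}


def constructed_pdf(xfa_xml: bytes) -> bytes:
    """Constructed, minimal PDF-like sample with one Flate-compressed XFA stream."""
    data = zlib.compress(xfa_xml)
    head = b"%PDF-1.7\n1 0 obj\n<< /AcroForm << /XFA 2 0 R >> >>\nendobj\n2 0 obj\n"
    meta = b"<< /Filter /FlateDecode /Length " + str(len(data)).encode() + b" >>\n"
    return head + meta + b"stream\n" + data + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    XDP = b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
    clean = b'<?xml version="1.0"?>' + XDP + b"<template/></xdp:xdp>"
    # Constructed sample: internal entity only, enough to trip the DTD check.
    odd = (b'<?xml version="1.0"?><!DOCTYPE x [<!ENTITY n "constructed">]>'
           + XDP + b"&n;</xdp:xdp>")
    for name, xml in (("clean", clean), ("dtd", odd)):
        print(name, triage(constructed_pdf(xml)))
```

A hit is a reason to hold the file for review, not proof of exploitation, and a clean result does not replace installing the fixed package.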
