{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"jakarta-mail security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for jakarta-mail is now available for openEuler-24.03-LTS-SP1",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"The Jakarta Mail API provides a platform-independent and protocol-independent framework to build mail and messaging applications.\n\nSecurity Fix(es):\n\nA vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic.The CWE definition for the vulnerability is CWE-147. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.As an impact it is known to affect confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-7962)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for jakarta-mail is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"jakarta-mail",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-1987",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1987"
			},
			{
				"summary":"CVE-2025-7962",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-7962&packageName=jakarta-mail"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7962"
			},
			{
				"summary":"openEuler-SA-2025-1987 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1987.json"
			}
		],
		"title":"An update for jakarta-mail is now available for openEuler-24.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2025-08-08T19:23:26+08:00",
			"revision_history":[
				{
					"date":"2025-08-08T19:23:26+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-08-08T19:23:26+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-08-08T19:23:26+08:00",
			"id":"openEuler-SA-2025-1987",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"openEuler-24.03-LTS-SP1",
									"name":"openEuler-24.03-LTS-SP1"
								},
								"name":"openEuler-24.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"jakarta-mail-1.6.7-4.oe2403sp1.noarch.rpm",
									"name":"jakarta-mail-1.6.7-4.oe2403sp1.noarch.rpm"
								},
								"name":"jakarta-mail-1.6.7-4.oe2403sp1.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"jakarta-mail-1.6.7-4.oe2403sp1.src.rpm",
									"name":"jakarta-mail-1.6.7-4.oe2403sp1.src.rpm"
								},
								"name":"jakarta-mail-1.6.7-4.oe2403sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"jakarta-mail-1.6.7-4.oe2403sp1.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.noarch",
					"name":"jakarta-mail-1.6.7-4.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"jakarta-mail-1.6.7-4.oe2403sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.src",
					"name":"jakarta-mail-1.6.7-4.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2025-7962",
			"notes":[
				{
					"text":"A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic.The CWE definition for the vulnerability is CWE-147. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.As an impact it is known to affect confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.noarch",
					"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.noarch",
						"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.src"
					],
					"details":"jakarta-mail security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1987"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.3,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.noarch",
						"openEuler-24.03-LTS-SP1:jakarta-mail-1.6.7-4.oe2403sp1.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2025-7962"
		}
	]
}