An update for jakarta-mail is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1990 Final 1.0 1.0 2025-08-08 Initial 2025-08-08 2025-08-08 openEuler SA Tool V1.0 2025-08-08 jakarta-mail security update An update for jakarta-mail is now available for openEuler-22.03-LTS-SP4 The Jakarta Mail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. Security Fix(es): A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic.The CWE definition for the vulnerability is CWE-147. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.As an impact it is known to affect confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-7962) An update for jakarta-mail is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium jakarta-mail https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1990 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-7962 https://nvd.nist.gov/vuln/detail/CVE-2025-7962 openEuler-22.03-LTS-SP4 jakarta-mail-1.6.7-4.oe2203sp4.noarch.rpm jakarta-mail-1.6.7-4.oe2203sp4.src.rpm A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic.The CWE definition for the vulnerability is CWE-147. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.As an impact it is known to affect confidentiality, integrity, and availability.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 2025-08-08 CVE-2025-7962 openEuler-22.03-LTS-SP4 Medium 5.3 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N jakarta-mail security update 2025-08-08 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1990