[Git][security-tracker-team/security-tracker][master] auto-nfu: Update NVIDIA rule

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ccece8b by Moritz Muehlenhoff at 2025-08-15T16:50:53+02:00
auto-nfu: Update NVIDIA rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1012,21 +1012,21 @@ CVE-2025-2181 (A sensitive information disclosure 
vulnerability in Palo Alto Net
 CVE-2025-2180 (An unsafe deserialization vulnerability in Palo Alto Networks 
Checkov  ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-23306 (NVIDIA Megatron-LM for all platforms contains a vulnerability 
in the m ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23305 (NVIDIA Megatron-LM for all platforms contains a vulnerability 
in the t ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23304 (NVIDIA NeMo library for all platforms contains a vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23303 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability where ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23298 (NVIDIA Merlin Transformers4Rec for all platforms contains a 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23296 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability 
in a Pyt ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23295 (NVIDIA Apex for all platforms contains a vulnerability in a 
Python com ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-23294 (NVIDIA WebDataset for all platforms contains a vulnerability 
where an  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-1477 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2024-5477 (A potential security vulnerability has been identified in the 
System B ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -338,6 +338,12 @@
     - anyOf:
       - product: AIStore
       - product: Megatron LM
+      - product: Megatron-LM
+      - product: NVIDIA Apex
+      - product: NVIDIA Isaac-GR00T N1
+      - product: NVIDIA Merlin Transformers4Rec
+      - product: NVIDIA NeMo Framework
+      - product: NVIDIA WebDataset
       - product: Triton Inference Server
 - reason: Oracle
   allOf:



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccece8baa119753e23f87fc1cadee83000ae949

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccece8baa119753e23f87fc1cadee83000ae949
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits