[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule

Moritz Muehlenhoff (@jmm) Fri, 17 Oct 2025 17:39:25 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
056cf8c6 by Moritz Mühlenhoff at 2025-10-15T10:48:18+02:00
auto-nfu: Extend Apache rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2025-55080 (In Eclipse ThreadX before 6.4.3, when memory 
protection is enabl
 CVE-2025-55079 (In Eclipse ThreadX before version 6.4.3, the thread module has 
a setti ...)
        TODO: check
 CVE-2025-55039 (This issue affects Apache Spark versions before  3.4.4,3.5.2 
and 4.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-54279 (Animate versions 23.0.13, 24.0.10 and earlier are affected by 
a Use Af ...)
        NOT-FOR-US: Adobe
 CVE-2025-54278 (Bridge versions 14.1.8, 15.1.1 and earlier are affected by a 
Heap-base ...)
@@ -818,7 +818,7 @@ CVE-2024-48891 (An Improper Neutralization of Special 
Elements used in an OS Com
 CVE-2024-47569 (A insertion of sensitive information into sent data in 
Fortinet FortiM ...)
        NOT-FOR-US: Fortinet
 CVE-2024-44088 (Malicious script injection ('Cross-site Scripting') 
vulnerability in A ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2024-33507 (An insufficient session expiration vulnerability [CWE-613] and 
an inco ...)
        NOT-FOR-US: Fortinet
 CVE-2024-26008 (An improper check or handling of exceptional conditions 
vulnerability  ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -282,10 +282,12 @@
       - product: Apache CXF
       - product: Apache DolphinScheduler
       - product: Apache Fory
+      - product: Apache Geode
       - product: Apache HertzBeat (incubating)
       - product: Apache IoTDB
       - product: Apache Kylin
       - product: Apache Seata (incubating)
+      - product: Apache Spark
       - product: Apache StreamPark
       - product: Apache Superset
       - product: Apache Zeppelin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/056cf8c693251bdb85e6061c9b5d57cefd723b8a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/056cf8c693251bdb85e6061c9b5d57cefd723b8a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule

Reply via email to