Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b32eb106 by Moritz Muehlenhoff at 2025-11-27T12:06:11+01:00
auto-nfu: Extend Apache rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -181,7 +181,7 @@ CVE-2025-63938 (Tinyproxy through 1.11.2 contains an
integer overflow vulnerabil
NOTE: https://github.com/tinyproxy/tinyproxy/issues/586
NOTE: Fixed by:
https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a
CVE-2025-62728 (SQL injection vulnerability in Hive Metastore Server (HMS)
when proces ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-62354 (Improper neutralization of special elements used in an OS
command ('co ...)
NOT-FOR-US: Cursor
CVE-2025-59390 (Apache Druid\u2019s Kerberos authenticator uses a weak
fallback secret ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -294,6 +294,7 @@
- product: Apache Fory
- product: Apache Geode
- product: Apache HertzBeat (incubating)
+ - product: Apache Hive
- product: Apache IoTDB
- product: Apache Kylin
- product: Apache OFBiz
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32eb106b6fe14efbdb466a85f90af23bdd22795
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32eb106b6fe14efbdb466a85f90af23bdd22795
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
