[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add another product covered in Apache CNA rule

Salvatore Bonaccorso (@carnil) Sat, 10 Jan 2026 22:30:47 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
384df56f by Salvatore Bonaccorso at 2026-01-11T07:29:52+01:00
auto-nfu: Add another product covered in Apache CNA rule

- - - - -
f085ff82 by Salvatore Bonaccorso at 2026-01-11T07:30:14+01:00
Process some NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2026-0821 (A vulnerability was determined in quickjs-ng 
quickjs up to 0.11.0
        NOTE: Fixed by: 
https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5
        TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng, 
#1120722
 CVE-2025-62235 (Authentication Bypass by Spoofing vulnerability in Apache 
NimBLE.  Rec ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-53477 (NULL Pointer Dereference vulnerability in Apache Nimble.  
Missing vali ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-53470 (Out-of-bounds Read vulnerability in Apache  NimBLE HCI H4 
driver. Spec ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-52435 (J2EE Misconfiguration: Data Transmission Without Encryption 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-15504 (A security flaw has been discovered in lief-project LIEF up to 
0.17.1. ...)
        NOT-FOR-US: LIEF
 CVE-2025-15503 (A security flaw has been discovered in Sangfor Operation and 
Maintenan ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -311,8 +311,9 @@
       - product: Apache Kvrocks
       - product: Apache Kylin
       - product: Apache Kyuubi
-      - product: Apache NimBLE
+      - product: Apache Mynewt NimBLE
       - product: Apache NiFi
+      - product: Apache NimBLE
       - product: Apache NuttX RTOS
       - product: Apache OFBiz
       - product: Apache OpenOffice



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34ad0930f8d3f8e99ef8434ff9b80f79479b608b...f085ff8297420cca769813b32f577138af1f8e43

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34ad0930f8d3f8e99ef8434ff9b80f79479b608b...f085ff8297420cca769813b32f577138af1f8e43
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add another product covered in Apache CNA rule

Reply via email to