[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend vmware rule

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87400147 by Moritz Muehlenhoff at 2026-06-09T14:32:27+02:00
auto-nfu: Extend vmware rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,21 +161,21 @@ CVE-2026-41838 (IDs for WebSocket sessions in the 
spring-websocket module are no
        NOTE: https://spring.io/security/cve-2026-41838
        NOTE: Only supported for building applications shipped in Debian, see 
README.Debian.security
 CVE-2026-41720 (Spring LDAP's DirContextAuthenticationStrategy implementations 
do not  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41715 (In specific scenarios involving HTTP redirects from a secure 
to an ins ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41710 (An attacker can craft a large number of unique requests that 
trigger a ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41539 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
        NOT-FOR-US: QNAP
 CVE-2026-41007 (Spring HATEOAS maintains an unbounded static cache of 
StringLinkRelati ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-41006 (Spring HATEOAS's internal 
PropertyUtils.createObjectFromProperties met ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-40984 (In Micrometer, it is possible for a user to provide specially 
crafted  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially 
crafted  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in 
commit a5 ...)
        NOT-FOR-US: Nginx Proxy Manager
 CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows 
an unauth ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -673,12 +673,17 @@
       - product: Avi Load Balancer
       - product: BOSH Director
       - product: Cloud Foundry
+      - product: Micrometer
+      - product: Reactor Netty
       - product: Spring AI
       - product: Spring Boot
       - product: Spring Cloud Config
       - product: Spring Cloud Function
       - product: Spring Cloud Gateway
       - product: Spring Cloud Gateway Server Webflux
+      - product: Spring HATEOAS
+      - product: Spring LDAP
+      - product: Spring Retry
       - product: VMware Cloud Foundation
       - product: VMware ESXi
       - product: VMware NSX



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87400147aa2565287a83d01f055002b45e15699f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87400147aa2565287a83d01f055002b45e15699f
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits