Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ce5019e by Moritz Muehlenhoff at 2026-07-04T11:52:36+02:00
auto-nfu: Update various rules
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -600,7 +600,7 @@ CVE-2026-49838
CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup
by Bac ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before
version 1. ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-9272 (In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a
vulnera ...)
NOT-FOR-US: Progress Software
CVE-2026-9188 (The Appointment Bookings for Zoom GoogleMeet and more \u2013
Wappointm ...)
@@ -1591,13 +1591,13 @@ CVE-2026-27435 (Missing Authorization vulnerability in
WofficeIO Woffice allows
CVE-2026-27409 (Missing Authorization vulnerability in Webba Plugins Webba
Booking all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24270 (NVIDIA AIStore framework contains a vulnerability where an
attacker co ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24266 (NVIDIA Triton Inference Server for Linux contains a
vulnerability wher ...)
NOT-FOR-US: NVIDIA
CVE-2026-24264 (NVIDIA Triton Inference Server for Linux contains a
vulnerability wher ...)
NOT-FOR-US: NVIDIA
CVE-2026-24260 (NVIDIA Container Toolkit for Linux contains a vulnerability
where an a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24251 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
NOT-FOR-US: NVIDIA
CVE-2026-24250 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
@@ -1651,7 +1651,7 @@ CVE-2026-20213 (A vulnerability in the PE file format
parser of ClamAV could all
CVE-2026-20191 (A vulnerability in Cisco Catalyst Center could allow an
unauthenticate ...)
NOT-FOR-US: Cisco
CVE-2026-14358 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-14330 (Multiple unbounded alloca() calls in the PulseAudio protocol
server.)
- pulseaudio <unfixed> (bug #1141309)
[trixie] - pulseaudio <no-dsa> (Minor issue)
=====================================
data/packages/nfu.yaml
=====================================
@@ -452,6 +452,7 @@
- product: Eclipse Cyclone DDS
- product: Eclipse Glassfish
- product: Eclipse KUKSA - Databroker
+ - product: Eclipse Parsson
- product: Eclipse Theia
- product: Eclipse ThreadX
- product: Eclipse ThreadX - NetX Duo
@@ -562,7 +563,9 @@
- cna: nvidia
- anyOf:
- product: AIStore
+ - product: AIStore framework
- product: BioNeMo Framework
+ - product: Container Toolkit
- product: CUDA-Q
- product: DALI
- product: DGX Spark
@@ -850,6 +853,7 @@
- product: Mediawiki - CampaignEvents Extension
- product: Mediawiki - Cargo Extension
- product: Mediawiki - CentralAuth Extension
+ - product: Mediawiki - Charts Extension
- product: MediaWiki - CSS extension
- product: Mediawiki - ExternalGuidance
- product: Mediawiki - GlobalWatchlist Extension
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce5019ee5fdd21bf1626f0cadd456e93bfd8471
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce5019ee5fdd21bf1626f0cadd456e93bfd8471
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits