Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ce5019e by Moritz Muehlenhoff at 2026-07-04T11:52:36+02:00
auto-nfu: Update various rules

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -600,7 +600,7 @@ CVE-2026-49838
 CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup 
by Bac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before 
version 1. ...)
-       TODO: check
+       NOT-FOR-US: Eclipse
 CVE-2026-9272 (In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a 
vulnera ...)
        NOT-FOR-US: Progress Software
 CVE-2026-9188 (The Appointment Bookings for Zoom GoogleMeet and more \u2013 
Wappointm ...)
@@ -1591,13 +1591,13 @@ CVE-2026-27435 (Missing Authorization vulnerability in 
WofficeIO Woffice allows
 CVE-2026-27409 (Missing Authorization vulnerability in Webba Plugins Webba 
Booking all ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24270 (NVIDIA AIStore framework contains a vulnerability where an 
attacker co ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24266 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
        NOT-FOR-US: NVIDIA
 CVE-2026-24264 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
        NOT-FOR-US: NVIDIA
 CVE-2026-24260 (NVIDIA Container Toolkit for Linux contains a vulnerability 
where an a ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24251 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
        NOT-FOR-US: NVIDIA
 CVE-2026-24250 (NVIDIA Megatron Bridge for Linux contains a vulnerability 
where an att ...)
@@ -1651,7 +1651,7 @@ CVE-2026-20213 (A vulnerability in the PE file format 
parser of ClamAV could all
 CVE-2026-20191 (A vulnerability in Cisco Catalyst Center could allow an 
unauthenticate ...)
        NOT-FOR-US: Cisco
 CVE-2026-14358 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-14330 (Multiple unbounded alloca() calls in the PulseAudio protocol 
server.)
        - pulseaudio <unfixed> (bug #1141309)
        [trixie] - pulseaudio <no-dsa> (Minor issue)


=====================================
data/packages/nfu.yaml
=====================================
@@ -452,6 +452,7 @@
       - product: Eclipse Cyclone DDS
       - product: Eclipse Glassfish
       - product: Eclipse KUKSA - Databroker
+      - product: Eclipse Parsson
       - product: Eclipse Theia
       - product: Eclipse ThreadX
       - product: Eclipse ThreadX - NetX Duo
@@ -562,7 +563,9 @@
     - cna: nvidia
     - anyOf:
       - product: AIStore
+      - product: AIStore framework
       - product: BioNeMo Framework
+      - product: Container Toolkit
       - product: CUDA-Q
       - product: DALI
       - product: DGX Spark
@@ -850,6 +853,7 @@
       - product: Mediawiki - CampaignEvents Extension
       - product: Mediawiki - Cargo Extension
       - product: Mediawiki - CentralAuth Extension
+      - product: Mediawiki - Charts Extension
       - product: MediaWiki - CSS extension
       - product: Mediawiki - ExternalGuidance
       - product: Mediawiki - GlobalWatchlist Extension



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce5019ee5fdd21bf1626f0cadd456e93bfd8471

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce5019ee5fdd21bf1626f0cadd456e93bfd8471
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to