[Git][security-tracker-team/security-tracker][master] 2 commits: Add product based rule for Perforce (we can't use the full CNA due to Puppet)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 17 15:29:22 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7afcfe8b by Moritz Muehlenhoff at 2025-04-17T16:27:20+02:00
Add product based rule for Perforce (we can't use the full CNA due to Puppet)

- - - - -
98e17c19 by Moritz Muehlenhoff at 2025-04-17T16:29:03+02:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2025-3295 (The WP Editor plugin for WordPress is vulnerable to arbitrary fil
 CVE-2025-3294 (The WP Editor plugin for WordPress is vulnerable to arbitrary file upd ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3113 (A valid, authenticated user with sufficient privileges and who is awar ...)
-	TODO: check
+	NOT-FOR-US: Perforce
 CVE-2025-32791 (The Backstage Scaffolder plugin houses types and utilities for buildin ...)
 	NOT-FOR-US: Backstage plugin
 CVE-2025-32789 (EspoCRM is an Open Source Customer Relationship Management software. P ...)
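Review bot: The two Perforce tags in this file (CVE-2025-3113 in this hunk and CVE-2025-2903 in a later one) sit under descriptions that are truncated before any product name, so the diff alone does not show that they are Delphix issues rather than Puppet ones. The commit subject says the full CNA cannot be used because of Puppet, and the new rule in data/packages/nfu.yaml matches only `product: Delphix`, so both entries are worth confirming against the full CVE records.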
@@ -33,7 +33,7 @@ CVE-2025-32789 (EspoCRM is an Open Source Customer Relationship Management softw
 CVE-2025-32787 (SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Pro ...)
 	NOT-FOR-US: SoftEtherVPN
 CVE-2025-32783 (XWiki Platform is a generic wiki platform. A vulnerability in versions ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-31478 (Zulip is an open-source team collaboration tool. Zulip supports a conf ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2025-31340 (A improper control of filename for include/require statement in PHP pr ...)
@@ -43,7 +43,7 @@ CVE-2025-31339 (An unrestricted upload of file with dangerous type vulnerability
 CVE-2025-31338 (A missing authorization vulnerability in the retrieve teacher Informat ...)
 	NOT-FOR-US: Wisdom Master Pro
 CVE-2025-2903 (An attacker with knowledge of creating user accounts during VM deploym ...)
-	TODO: check
+	NOT-FOR-US: Perforce
 CVE-2025-2400
 	REJECTED
 CVE-2025-2073 (Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Ver ...)
@@ -63,9 +63,9 @@ CVE-2025-29651 (SQL Injection vulnerability exists in the TP-Link M7650 4G LTE M
 CVE-2025-28072 (PHPGurukul Pre-School Enrollment System is vulnerable to Directory Tra ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-26153 (A Stored XSS vulnerability exists in the message compose feature of Ch ...)
-	TODO: check
+	NOT-FOR-US: Chamilo LMS
 CVE-2025-25230 (Omnissa Horizon Client for Windows contains an LPE Vulnerability.A mal ...)
-	TODO: check
+	NOT-FOR-US: Omnissa Horizon
 CVE-2025-24911 (Overview         XML documents optionally contain a Document Type Defi ...)
 	TODO: check
 CVE-2025-24910 (Overview         XML documents optionally contain a Document Type Defi ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -222,6 +222,11 @@
       - product: Microsoft Edge for iOS
       - product: Microsoft Partner Center
       - product: Power Automate for Desktop
+- reason: Perforce
+  allOf:
+    - cna: Perforce
+    - anyOf:
+      - product: Delphix
 # Description based rules
 - reason: CodeAstro
   description: '.*\b(?i:Code\s?Astro)\s.*\s(?i:(system))\b.*'
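Review bot: Missing documentation on the new `- reason: Perforce` rule: why it is limited by `anyOf` to `product: Delphix` is recorded only in the commit subject (the full CNA cannot be used because of Puppet), so nothing in nfu.yaml stops a later edit from collapsing it into a bare `cna: Perforce` rule. A one-line YAML comment above the rule stating that would help. The reason string could also name the product, since `NOT-FOR-US: Perforce` in data/CVE/list reads as covering the whole vendor.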



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2388f193adc9eac31e79cce6fd9e2476e38f1851...98e17c19de2db52238d02886f9d4ce96bc4fe91e
