[Git][security-tracker-team/security-tracker][master] auto-nfu: Update NVIDIA rule

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ccece8b by Moritz Muehlenhoff at 2025-08-15T16:50:53+02:00
auto-nfu: Update NVIDIA rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1012,21 +1012,21 @@ CVE-2025-2181 (A sensitive information disclosure vulnerability in Palo Alto Net
 CVE-2025-2180 (An unsafe deserialization vulnerability in Palo Alto Networks Checkov  ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-23306 (NVIDIA Megatron-LM for all platforms contains a vulnerability in the m ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23305 (NVIDIA Megatron-LM for all platforms contains a vulnerability in the t ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23304 (NVIDIA NeMo library for all platforms contains a vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23303 (NVIDIA NeMo Framework for all platforms contains a vulnerability where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23298 (NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23296 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23295 (NVIDIA Apex for all platforms contains a vulnerability in a Python com ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23294 (NVIDIA WebDataset for all platforms contains a vulnerability where an  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-1477 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2024-5477 (A potential security vulnerability has been identified in the System B ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -338,6 +338,12 @@
     - anyOf:
       - product: AIStore
       - product: Megatron LM
+      - product: Megatron-LM
+      - product: NVIDIA Apex
+      - product: NVIDIA Isaac-GR00T N1
+      - product: NVIDIA Merlin Transformers4Rec
+      - product: NVIDIA NeMo Framework
+      - product: NVIDIA WebDataset
       - product: Triton Inference Server
 - reason: Oracle
   allOf:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccece8baa119753e23f87fc1cadee83000ae949

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ccece8baa119753e23f87fc1cadee83000ae949
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250815/45d98172/attachment-0001.htm>