[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add IBM
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Mar 7 22:41:59 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0d43c57 by Moritz Muehlenhoff at 2025-03-07T23:33:57+01:00
auto-nfu: Add IBM
There were a handful of assignments by the IBM CNA in the past, but they
all seem fine:
- some kernel ones which would today no longer be allowed since entirely
covered by the Linux kernel CNA
- some old Java issues from 12 years ago, when IBM was still maintaining
their own Java version
- some mis-assigned Ceph issue (which we would not have spotted by the
description as well)
So overall, this seems fine to auto-nfu the entire CNA.
- - - - -
8c44bdee by Moritz Muehlenhoff at 2025-03-07T23:40:53+01:00
NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,7 +97,7 @@ CVE-2024-13431 (The Appointment Booking Calendar \u2014 Simply Schedule Appointm
CVE-2024-13086 (An exposure of sensitive information vulnerability has been reported t ...)
NOT-FOR-US: QNAP
CVE-2024-12975 (A buffer overread can occur in the CPC application when operating in f ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2024-12876 (The Golo - City Travel Guide WordPress Theme theme for WordPress is vu ...)
NOT-FOR-US: WordPress plugin
CVE-2024-12634 (The Related Posts, Inline Related Posts, Contextual Related Posts, Rel ...)
@@ -117,9 +117,9 @@ CVE-2024-12035 (The CS Framework plugin for WordPress is vulnerable to arbitrary
CVE-2024-10804 (The Ultimate Video Player WordPress & WooCommerce Plugin plugin for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-43052 (IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external se ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-35894 (IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-21843 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3b32b7f638fe61e9d29290960172f4e360e38233 (6.14-rc3)
@@ -1353,7 +1353,7 @@ CVE-2025-27418 (WeGIA is an open source Web Manager for Institutions with a focu
CVE-2025-27417 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
NOT-FOR-US: WeGIA
CVE-2025-27371 (In certain IETF OAuth 2.0-related specifications, when the JSON Web To ...)
- TODO: check
+ NOT-FOR-US: OAuth 2.0-related specifications
CVE-2025-27370 (OpenID Connect Core through 1.0 errata set 2 allows audience injection ...)
TODO: check
CVE-2025-27279 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -13,6 +13,8 @@
cna: huawei
- reason: Jenkins (core or plugin)
cna: jenkins
+- reason: IBM
+ cna: ibm
- reason: Imagination Technologies
cna: imaginationtech
- reason: Juniper
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b8812a7c1090298b433eb163f1b40a620601e26f...8c44bdeeabf6ebff5827b1a0fd6fb9cc01dc65d7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b8812a7c1090298b433eb163f1b40a620601e26f...8c44bdeeabf6ebff5827b1a0fd6fb9cc01dc65d7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250307/946223b1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list