[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add Apple CNA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Mar 11 11:11:11 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fc80190 by Moritz Muehlenhoff at 2025-03-11T12:09:23+01:00
auto-nfu: Add Apple CNA

The webkit CVEs usually get announced a few days later by the webkit project
and so far with manual triage we've also listed them initially as NFU: Apple
until more information is available, so let's handle it in the script likewise.

- - - - -
a589a241 by Moritz Muehlenhoff at 2025-03-11T12:10:47+01:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -261,19 +261,19 @@ CVE-2024-56184 (In static long dev_send of tipc_dev_ql, there is a possible out
 CVE-2024-55199 (A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Cel ...)
 	NOT-FOR-US: Celk Sistemas Celk Saude
 CVE-2024-54560 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-54558 (A clickjacking issue was addressed with improved out-of-process view h ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-54546 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-54473 (This issue was addressed with improved redaction of sensitive informat ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-54469 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-54467 (A cookie management issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-54463 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-53307 (A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpo ...)
 	NOT-FOR-US: Evisions MAPS
 CVE-2024-52905 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 a ...)
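
Review bot: The seven entries from CVE-2024-54560 to CVE-2024-54463 lose their "TODO: check" marker with nothing left to bring them back for review, although the commit message says "NFU: Apple" is only the initial state until the WebKit project publishes its announcement. The truncated descriptions do not show the affected product, so consider leaving a follow-up marker on these entries, or tracking the IDs elsewhere, so that any that turn out to be WebKit issues are re-triaged instead of staying NOT-FOR-US.
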
@@ -283,11 +283,11 @@ CVE-2024-52812 (LF Edge eKuiper is an internet-of-things data analytics and stre
 CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through  ...)
 	NOT-FOR-US: IBM
 CVE-2024-44227 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44192 (The issue was addressed with improved checks. This issue is fixed in w ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-44179 (This issue was addressed by restricting options offered on a locked de ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2024-13919 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
 	TODO: check
 CVE-2024-13918 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
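
Review bot: For CVE-2024-44192 the visible description stops at "This issue is fixed in w ...", so the fixed product cannot be read from this list at the point where the entry becomes "NOT-FOR-US: Apple". Reading the full description for that entry before accepting the automatic classification would confirm that it does not concern a component with a counterpart outside Apple's own products.
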
@@ -295,9 +295,9 @@ CVE-2024-13918 (The Laravel framework versions between 11.9.0 and 11.35.1 are su
 CVE-2024-12604 (Cleartext Storage of Sensitive Information in an Environment Variable, ...)
 	NOT-FOR-US: Tapandsign Technologies Tap&Sign App
 CVE-2022-48610 (This issue was addressed through improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2022-43454 (A double free issue was addressed with improved memory management. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-2150 (The C&Cm at il from HGiga has a Stored Cross-Site Scripting (XSS) vulnera ...)
 	NOT-FOR-US: HGiga
 CVE-2025-2133 (A vulnerability classified as problematic was found in ftcms 2.1. Affe ...)
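
Review bot: CVE-2022-48610 and CVE-2022-43454 carry 2022 identifiers, so the "announced a few days later" window that the commit message gives as the reason for a provisional "NOT-FOR-US: Apple" may not be what applies to them. For these two it is worth checking the full descriptions against advisories that are already published now, rather than waiting for a later announcement.
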


=====================================
data/packages/nfu.yaml
=====================================
@@ -1,4 +1,6 @@
 # Simple CNA based rules
+- reason: Apple
+  cna: apple
 - reason: Arista Networks
   cna: Arista
 - reason: Axis Communication
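
Review bot: The new rule writes its CNA value in lower case ("cna: apple") while the neighbouring rule uses a capitalised value ("cna: Arista"); confirm which spelling the matching code expects, so the rule neither fails silently nor relies on case handling that is not documented in this file. A comment above the rule saying that Apple matches are provisional for WebKit issues, as the commit message explains, would also keep that rationale next to the rule itself.
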



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/16a2c37df035c82868b48ff3955b3f7028fbe0e4...a589a241ffc88676afbf5754d61d560d1d5a9ec8
