[Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA based rule for Dassault Systèmes

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ab76c75 by Salvatore Bonaccorso at 2025-05-02T22:39:50+02:00
auto-nfu: Add CNA based rule for Dassault Systèmes

The scope of the CNA is "All websites of the corporate group and of any
subsidiaries, including but not limited to www.3ds.com and
www.solidworks.com; all Software as a Service solutions, such as
3DEXPERIENCE or ScienceCloud, but also any online hosting linked to our
brands; and all Dassault Systèmes licensed software products." and it
does not cover open source products.

A check against current CVEs shows:

Total CVEs from 3DS: 54
Total CVEs from 3DS with packages assigned: 0

It should be fine to add a CNA based rule for NFUs.

- - - - -


1 changed file:

- data/packages/nfu.yaml


Changes:

=====================================
data/packages/nfu.yaml
=====================================
@@ -1,6 +1,8 @@
 # Simple CNA based rules
 - reason: 1E
   cna: 1E
+- reason: Dassault Systemes
+  cna: 3DS
 - reason: ABB group
   cna: ABB
 - reason: Absolute Software



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ab76c75be53d7696338705ac951768f53ff3ffe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ab76c75be53d7696338705ac951768f53ff3ffe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250502/13d2d3cc/attachment-0001.htm>