[Git][security-tracker-team/security-tracker][master] 2 commits: Process two Nvidia CVEs as NFU

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 4 20:51:59 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cde80b0b by Salvatore Bonaccorso at 2025-11-04T21:51:38+01:00
Process two Nvidia CVEs as NFU

- - - - -
cf962013 by Salvatore Bonaccorso at 2025-11-04T21:51:38+01:00
Add two NVIDIA products to cover via the auto-nfu ruleset

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,9 +80,9 @@ CVE-2025-41112 (A lack of authorisation vulnerability has been detected in Canal
 CVE-2025-41111 (A lack of authorisation vulnerability has been detected in CanalDenunc ...)
 	NOT-FOR-US: CanalDenuncia.app
 CVE-2025-33176 (NVIDIA RunAI for all platforms contains a vulnerability where a user c ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-23358 (NVIDIA NVApp for Windows contains a vulnerability in the installer, wh ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-12695 (The overly permissive sandbox configuration in DSPy allows attackers t ...)
 	NOT-FOR-US: DSPy
 CVE-2025-12682 (The Easy Upload Files During Checkout plugin for WordPress is vulnerab ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -401,6 +401,7 @@
       - product: Isaac Lab
       - product: Megatron LM
       - product: Megatron-LM
+      - product: NVApp
       - product: NVDebug tool
       - product: NVIDIA Apex
       - product: NVIDIA App
@@ -411,6 +412,7 @@
       - product: NVIDIA WebDataset
       - product: NeMo Framework
       - product: Nsight Graphics
+      - product: RunAI
       - product: Triton Inference Server
 - reason: Oracle
   allOf:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0ee0966e14fb78d2bc043cd940dd16f42da6f290...cf962013db2a05eb520bbe496491260518e8bca6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0ee0966e14fb78d2bc043cd940dd16f42da6f290...cf962013db2a05eb520bbe496491260518e8bca6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251104/05546302/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list