[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b32eb106 by Moritz Muehlenhoff at 2025-11-27T12:06:11+01:00
auto-nfu: Extend Apache rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -181,7 +181,7 @@ CVE-2025-63938 (Tinyproxy through 1.11.2 contains an integer overflow vulnerabil
 	NOTE: https://github.com/tinyproxy/tinyproxy/issues/586
 	NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a
 CVE-2025-62728 (SQL injection vulnerability in Hive Metastore Server (HMS) when proces ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-62354 (Improper neutralization of special elements used in an OS command ('co ...)
 	NOT-FOR-US: Cursor
 CVE-2025-59390 (Apache Druid\u2019s Kerberos authenticator uses a weak fallback secret ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -294,6 +294,7 @@
       - product: Apache Fory
       - product: Apache Geode
       - product: Apache HertzBeat (incubating)
+      - product: Apache Hive
       - product: Apache IoTDB
       - product: Apache Kylin
       - product: Apache OFBiz



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32eb106b6fe14efbdb466a85f90af23bdd22795

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32eb106b6fe14efbdb466a85f90af23bdd22795
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251127/dbd5f06a/attachment-0001.htm>