[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Sonatype

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab17ae15 by Moritz Muehlenhoff at 2025-10-09T10:51:07+02:00
auto-nfu: Add rule for Sonatype

Total CVEs from Sonatype: 11
Total CVEs from Sonatype with packages assigned: 0

Scope: All Sonatype products and vulnerabilities in third-party
software discovered by Sonatype that are not in another CNA’s scope.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-9970 (Cleartext Storage of Sensitive Information in Memory vulnerability in  ...)
 	NOT-FOR-US: ABB group
 CVE-2025-9868 (Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Son ...)
-	TODO: check
+	NOT-FOR-US: Sonatype
 CVE-2025-7634 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7526 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator S ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -215,6 +215,8 @@
   cna: Softing
 - reason: SolarWinds
   cna: SolarWinds
+- reason: Sonatype
+  cna: Sonatype
 - reason: SonicWall
   cna: sonicwall
 - reason: Sophos



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab17ae1511fb9431ba0b5495f455b6c8a4fbc240

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab17ae1511fb9431ba0b5495f455b6c8a4fbc240
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251009/4ecbc05d/attachment-0001.htm>