[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Oct 15 09:48:41 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
056cf8c6 by Moritz Mühlenhoff at 2025-10-15T10:48:18+02:00
auto-nfu: Extend Apache rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2025-55080 (In Eclipse ThreadX before 6.4.3, when memory protection is enabl
 CVE-2025-55079 (In Eclipse ThreadX before version 6.4.3, the thread module has a setti ...)
 	TODO: check
 CVE-2025-55039 (This issue affects Apache Spark versions before  3.4.4,3.5.2 and 4.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-54279 (Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use Af ...)
 	NOT-FOR-US: Adobe
 CVE-2025-54278 (Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-base ...)
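Review bot: The annotation added under CVE-2025-55039, "NOT-FOR-US: Apache software not packaged in Debian", does not name the product, while the neighbouring entries identify theirs ("NOT-FOR-US: Adobe"). Consider having the rule emit the matched product name (Apache Spark, per the CVE description) so that the list can be searched per product and the entries found again if that product is later packaged.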
@@ -818,7 +818,7 @@ CVE-2024-48891 (An Improper Neutralization of Special Elements used in an OS Com
 CVE-2024-47569 (A insertion of sensitive information into sent data in Fortinet FortiM ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-44088 (Malicious script injection ('Cross-site Scripting') vulnerability in A ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2024-33507 (An insufficient session expiration vulnerability [CWE-613] and an inco ...)
 	NOT-FOR-US: Fortinet
 CVE-2024-26008 (An improper check or handling of exceptional conditions vulnerability  ...)
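Review bot: For CVE-2024-44088 the description is truncated at "vulnerability in A ...", so the product behind this NOT-FOR-US change cannot be confirmed from the list itself. State in the commit message which of the newly added nfu.yaml products matched it (Apache Geode or Apache Spark), or name the product in the annotation line.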


=====================================
data/packages/nfu.yaml
=====================================
@@ -282,10 +282,12 @@
       - product: Apache CXF
       - product: Apache DolphinScheduler
       - product: Apache Fory
+      - product: Apache Geode
       - product: Apache HertzBeat (incubating)
       - product: Apache IoTDB
       - product: Apache Kylin
       - product: Apache Seata (incubating)
+      - product: Apache Spark
       - product: Apache StreamPark
       - product: Apache Superset
       - product: Apache Zeppelin
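Review bot: The two added entries, "- product: Apache Geode" and "- product: Apache Spark", carry no record of why they qualify, and the commit message only says "Extend Apache rule". Since the rule marks matching CVEs NOT-FOR-US automatically, as it did for the two entries in data/CVE/list in this commit, a commit-message line naming both products and noting that neither is packaged in Debian at the time of the change would make the rule easier to revisit. The alphabetical ordering of the product list is preserved.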



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/056cf8c693251bdb85e6061c9b5d57cefd723b8a
