[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 21 22:02:37 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2e5c01b by Salvatore Bonaccorso at 2025-10-21T23:02:26+02:00
Process some NFUs

- - - - -
ff894f9a by Salvatore Bonaccorso at 2025-10-21T23:02:26+02:00
auto-nfu: Add more products covered for the NFU rule for Oracle CNA

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -42,25 +42,25 @@ CVE-2025-62518 (astral-tokio-tar is a tar archive reading/writing library for as
 	NOTE: https://github.com/edera-dev/cve-tarmageddon
 	TODO: check completeness
 CVE-2025-62481 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62480 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62479 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62478 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62477 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62476 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62475 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62290 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62289 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62288 (Vulnerability in the Oracle Health Sciences Data Management Workbench  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62287 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
 	TODO: check
 CVE-2025-62250 (Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and ...)
@@ -156,7 +156,7 @@ CVE-2025-56799 (Reolink desktop application 8.18.12 contains a command injection
 CVE-2025-56450 (Log2Space Subscriber Management Software 1.1 is vulnerable to unauthen ...)
 	TODO: check
 CVE-2025-53072 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-53071 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
 	NOT-FOR-US: Oracle
 CVE-2025-53070 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -208,7 +208,7 @@ CVE-2025-53048 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2025-53047 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
 	NOT-FOR-US: Oracle
 CVE-2025-53046 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-53045 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2025-53044 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -427,10 +427,12 @@
       - product: Oracle Database Server
       - product: Oracle Financial Services Analytical Applications Infrastructure
       - product: Oracle Financial Services Revenue Management and Billing
+      - product: Oracle Health Sciences Data Management Workbench
       - product: Oracle Hospitality Simphony
       - product: Oracle Hyperion Financial Reporting
       - product: Oracle Lease and Finance Management
       - product: Oracle MES for Process Manufacturing
+      - product: Oracle Marketing
       - product: Oracle Mobile Field Service
       - product: Oracle REST Data Services
       - product: Oracle Scripting
@@ -441,6 +443,7 @@
       - product: Oracle Universal Work Queue
       - product: Oracle User Management
       - product: Oracle WebLogic Server
+      - product: Oracle ZFS Storage Appliance Kit
       - product: Oracle iStore
       - product: Oracle iSupplier Portal
       - product: PeopleSoft Enterprise CC Common Application Objects



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/52c6d3293ac7e91f35f5c43c542acee82fea48ee...ff894f9a9f919b0494ec35df43bc56c757bacf82

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/52c6d3293ac7e91f35f5c43c542acee82fea48ee...ff894f9a9f919b0494ec35df43bc56c757bacf82
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251021/7f100ac8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list