[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Oracle rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 21 22:10:14 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4d47096 by Moritz Muehlenhoff at 2025-10-21T23:09:54+02:00
auto-nfu: Extend Oracle rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,31 +62,31 @@ CVE-2025-62289 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of
 CVE-2025-62288 (Vulnerability in the Oracle Health Sciences Data Management Workbench  ...)
 	NOT-FOR-US: Oracle
 CVE-2025-62287 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-62250 (Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and ...)
 	NOT-FOR-US: Liferay
 CVE-2025-62249 (A reflected cross-site scripting (XSS) vulnerability in the Liferay Po ...)
 	NOT-FOR-US: Liferay
 CVE-2025-61885 (Vulnerability in the Oracle Life Sciences InForm product of Oracle Hea ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61881 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
 	NOT-FOR-US: Oracle
 CVE-2025-61764 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2025-61763 (Vulnerability in Oracle Essbase (component: Essbase Web Platform).   T ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61762 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61761 (Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61760 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2025-61759 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2025-61758 (Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management pro ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61757 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61755 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE  ...)
 	TODO: check
 CVE-2025-61754 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
@@ -196,7 +196,7 @@ CVE-2025-53054 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2025-53053 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2025-53052 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-53051 (Vulnerability in the RDBMS Functional Index component of Oracle Databa ...)
 	NOT-FOR-US: Oracle
 CVE-2025-53050 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -410,6 +410,7 @@
   allOf:
     - cna: oracle
     - anyOf:
+      - product: Identity Manager
       - product: JD Edwards EnterpriseOne Tools
       - product: MySQL Cluster
       - product: Oracle Application Express
@@ -425,12 +426,15 @@
       - product: Oracle Concurrent Processing
       - product: Oracle Configurator
       - product: Oracle Database Server
+      - product: Oracle Essbase
       - product: Oracle Financial Services Analytical Applications Infrastructure
       - product: Oracle Financial Services Revenue Management and Billing
       - product: Oracle Health Sciences Data Management Workbench
       - product: Oracle Hospitality Simphony
       - product: Oracle Hyperion Financial Reporting
       - product: Oracle Lease and Finance Management
+      - product: Oracle Life Sciences InForm
+      - product: Oracle Marketing
       - product: Oracle MES for Process Manufacturing
       - product: Oracle Marketing
       - product: Oracle Mobile Field Service
@@ -443,10 +447,14 @@
       - product: Oracle Universal Work Queue
       - product: Oracle User Management
       - product: Oracle WebLogic Server
+      - product: Oracle Workflow
       - product: Oracle ZFS Storage Appliance Kit
       - product: Oracle iStore
       - product: Oracle iSupplier Portal
       - product: PeopleSoft Enterprise CC Common Application Objects
+      - product: PeopleSoft Enterprise FIN IT Asset Management
+      - product: PeopleSoft Enterprise FIN Maintenance Management
+      - product: PeopleSoft Enterprise FIN Payables
       - product: PeopleSoft Enterprise HCM Global Payroll Core
       - product: PeopleSoft Enterprise HCM Talent Acquisition Manager
       - product: PeopleSoft Enterprise PeopleTools



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4d470969aa0f524693f08a50f7317dda042aaee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4d470969aa0f524693f08a50f7317dda042aaee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251021/317d21ee/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list