[Git][security-tracker-team/security-tracker][master] auto-nfu: Update Apache rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 28 08:08:35 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a28e41b3 by Moritz Muehlenhoff at 2026-04-28T09:08:12+02:00
auto-nfu: Update Apache rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,17 +153,17 @@ CVE-2026-40860 (JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent
 CVE-2026-40858 (The camel-infinispan component's ProtoStream-based remote aggregation  ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40557 (Improper Certificate Validation via Global SSL Context Downgrade in Ap ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40514 (SmarterTools SmarterMail builds prior to 9610 contain a cryptographic  ...)
 	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2026-40473 (The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type  ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40453 (The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilte ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40048 (The Camel-PQC FileBasedKeyLifecycleManager class deserializes the cont ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40022 (When authentication is enabled on the Apache Camel embedded HTTP serve ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-38936 (A reflected cross-site scripting (XSS) vulnerability exists in diskove ...)
 	NOT-FOR-US: diskover-community
 CVE-2026-38935 (A reflected cross-site scripting (XSS) vulnerability exists in diskove ...)
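Review bot: On the CVE-2026-40453 entry, the description ties the issue to the fix for CVE-2025-27636, but nothing in this hunk shows how that earlier CVE was triaged. Before settling on `NOT-FOR-US: Apache software not packaged in Debian`, confirm that CVE-2025-27636 carries the same disposition, so the original issue and its incomplete-fix follow-up do not end up classified differently.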


=====================================
data/packages/nfu.yaml
=====================================
@@ -316,7 +316,11 @@
       - product: Apache Avro Java SDK
       - product: Apache CXF
       - product: Apache Camel
+      - product: Apache Camel JMS
+      - product: Apache Camel Mina
       - product: Apache Camel Neo4j
+      - product: Apache Camel Platform HTTP Main
+      - product: Apache Camel PQC
       - product: Apache Causeway
       - product: Apache CloudStack
       - product: Apache Continuum
@@ -349,6 +353,7 @@
       - product: Apache SkyWalking MCP
       - product: Apache Spark
       - product: Apache Storm Client
+      - product: Apache Storm Prometheus Reporter
       - product: Apache Storm UI
       - product: Apache StreamPark
       - product: Apache StreamPipes
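Review bot: The added `- product: Apache Storm Prometheus Reporter` cannot be tied to a CVE from what this commit shows: no changed entry in the data/CVE/list hunk mentions Storm in its visible text, and the description of CVE-2026-40557 is cut off at "in Ap ...". Suggest naming the CVE this entry is meant to match in the commit message, so the rule change can be audited later without looking up each truncated description.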



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a28e41b3c1306673ba1abcf7264c5e2cba3c9ef6
