[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add another product covered in Apache CNA rule

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 11 06:30:30 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
384df56f by Salvatore Bonaccorso at 2026-01-11T07:29:52+01:00
auto-nfu: Add another product covered in Apache CNA rule

- - - - -
f085ff82 by Salvatore Bonaccorso at 2026-01-11T07:30:14+01:00
Process some NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2026-0821 (A vulnerability was determined in quickjs-ng quickjs up to 0.11.0
 	NOTE: Fixed by: https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5
 	TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng, #1120722
 CVE-2025-62235 (Authentication Bypass by Spoofing vulnerability in Apache NimBLE.  Rec ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-53477 (NULL Pointer Dereference vulnerability in Apache Nimble.  Missing vali ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-53470 (Out-of-bounds Read vulnerability in Apache  NimBLE HCI H4 driver. Spec ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-52435 (J2EE Misconfiguration: Data Transmission Without Encryption vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-15504 (A security flaw has been discovered in lief-project LIEF up to 0.17.1. ...)
 	NOT-FOR-US: LIEF
 CVE-2025-15503 (A security flaw has been discovered in Sangfor Operation and Maintenan ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -311,8 +311,9 @@
       - product: Apache Kvrocks
       - product: Apache Kylin
       - product: Apache Kyuubi
-      - product: Apache NimBLE
+      - product: Apache Mynewt NimBLE
       - product: Apache NiFi
+      - product: Apache NimBLE
       - product: Apache NuttX RTOS
       - product: Apache OFBiz
       - product: Apache OpenOffice



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34ad0930f8d3f8e99ef8434ff9b80f79479b608b...f085ff8297420cca769813b32f577138af1f8e43

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34ad0930f8d3f8e99ef8434ff9b80f79479b608b...f085ff8297420cca769813b32f577138af1f8e43
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260111/bdb65f72/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list