[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Oracle rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 21 09:19:15 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8356c40e by Moritz Muehlenhoff at 2026-01-21T10:18:50+01:00
auto-nfu: Extend Oracle rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,27 +38,27 @@ CVE-2026-21982 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 CVE-2026-21981 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2026-21980 (Vulnerability in the Oracle Life Sciences Central Coding product of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21979 (Vulnerability in the Oracle Planning and Budgeting Cloud Service produ ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21978 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21977 (Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21976 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21975 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21974 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21973 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21972 (Vulnerability in the Oracle Configurator product of Oracle E-Business  ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21971 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
 	TODO: check
 CVE-2026-21970 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21969 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
 	TODO: check
 CVE-2026-21968 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -146,9 +146,9 @@ CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
 CVE-2026-21924 (Vulnerability in the Oracle Utilities Application Framework product of ...)
 	TODO: check
 CVE-2026-21923 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21922 (Vulnerability in the Oracle Planning and Budgeting Cloud Service produ ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21664 (HackerOne community member Huynh Pham Thanh Luc (nigh7c0r3) has report ...)
 	TODO: check
 CVE-2026-21663 (HackerOne community member Patrick Lang (7yr) has reported a reflected ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -509,6 +509,8 @@
       - product: Oracle Configurator
       - product: Oracle Database Server
       - product: Oracle Essbase
+      - product: Oracle FLEXCUBE Investor Servicing
+      - product: Oracle FLEXCUBE Universal Banking
       - product: Oracle Financial Services Analytical Applications Infrastructure
       - product: Oracle Financial Services Revenue Management and Billing
       - product: Oracle Health Sciences Data Management Workbench
@@ -516,10 +518,13 @@
       - product: Oracle Hyperion Financial Reporting
       - product: Oracle Lease and Finance Management
       - product: Oracle Life Sciences InForm
+      - product: Oracle Life Sciences Central Coding
+      - product: Oracle Life Sciences Central Designer
       - product: Oracle Marketing
       - product: Oracle MES for Process Manufacturing
       - product: Oracle Marketing
       - product: Oracle Mobile Field Service
+      - product: Oracle Planning and Budgeting Cloud Service
       - product: Oracle Product Hub
       - product: Oracle REST Data Services
       - product: Oracle Scripting
@@ -531,6 +536,7 @@
       - product: Oracle User Management
       - product: Oracle WebLogic Server
       - product: Oracle Workflow
+      - product: Oracle Zero Data Loss Recovery Appliance Software
       - product: Oracle ZFS Storage Appliance Kit
       - product: Oracle iStore
       - product: Oracle iSupplier Portal



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8356c40e0dee29d334c28e7b82616ebc163fe150

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8356c40e0dee29d334c28e7b82616ebc163fe150
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260121/248a31fc/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list