[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Oracle rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 21 10:40:46 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33837e14 by Moritz Muehlenhoff at 2026-01-21T11:40:06+01:00
auto-nfu: Extend Oracle rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,7 +74,7 @@ CVE-2026-21964 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2026-21963 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2026-21962 (Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21961 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21960 (Vulnerability in the Oracle Applications DBA product of Oracle E-Busin ...)
@@ -116,7 +116,7 @@ CVE-2026-21942 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2026-21941 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2026-21940 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21939 (Vulnerability in the SQLcl component of Oracle Database Server.  Suppo ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21938 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
@@ -142,7 +142,7 @@ CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
 	- openjdk-21 <unfixed>
 	- openjdk-25 <unfixed>
 CVE-2026-21931 (Vulnerability in the Oracle APEX Sample Applications product of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21930 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -152,7 +152,7 @@ CVE-2026-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2026-21927 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CR ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
 	- openjdk-8 <unfixed>
 	- openjdk-11 <unfixed>
@@ -160,7 +160,7 @@ CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
 	- openjdk-21 <unfixed>
 	- openjdk-25 <unfixed>
 CVE-2026-21924 (Vulnerability in the Oracle Utilities Application Framework product of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-21923 (Vulnerability in the Oracle Life Sciences Central Designer product of  ...)
 	NOT-FOR-US: Oracle
 CVE-2026-21922 (Vulnerability in the Oracle Planning and Budgeting Cloud Service produ ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -494,6 +494,7 @@
       - product: Identity Manager
       - product: JD Edwards EnterpriseOne Tools
       - product: MySQL Cluster
+      - product: Oracle Agile PLM
       - product: Oracle Agile Product Lifecycle Management for Process
       - product: Oracle Application Express
       - product: Oracle Application Object Library
@@ -538,6 +539,7 @@
       - product: Oracle Teleservice
       - product: Oracle Universal Work Queue
       - product: Oracle User Management
+      - product: Oracle Utilities Application Framework
       - product: Oracle WebLogic Server
       - product: Oracle Workflow
       - product: Oracle Zero Data Loss Recovery Appliance Software
@@ -555,6 +557,7 @@
       - product: PeopleSoft Enterprise SCM Purchasing
       - product: Primavera P6 Enterprise Project Portfolio Management
       - product: Siebel CRM End User
+      - product: Siebel CRM Deployment
 - reason: SUSE
   allOf:
     - cna: suse



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33837e14ed57c7efb66274c032f8339c095444c5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33837e14ed57c7efb66274c032f8339c095444c5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260121/8eedeee8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list