[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend vmware rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 9 13:33:17 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87400147 by Moritz Muehlenhoff at 2026-06-09T14:32:27+02:00
auto-nfu: Extend vmware rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,21 +161,21 @@ CVE-2026-41838 (IDs for WebSocket sessions in the spring-websocket module are no
 	NOTE: https://spring.io/security/cve-2026-41838
 	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
 CVE-2026-41720 (Spring LDAP's DirContextAuthenticationStrategy implementations do not  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-41715 (In specific scenarios involving HTTP redirects from a secure to an ins ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-41710 (An attacker can craft a large number of unique requests that trigger a ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-41539 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
 CVE-2026-41007 (Spring HATEOAS maintains an unbounded static cache of StringLinkRelati ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-41006 (Spring HATEOAS's internal PropertyUtils.createObjectFromProperties met ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40984 (In Micrometer, it is possible for a user to provide specially crafted  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially crafted  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5 ...)
 	NOT-FOR-US: Nginx Proxy Manager
 CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows an unauth ...)
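
Review bot: The entries switched from TODO to NOT-FOR-US: VMware here cover Spring LDAP, Spring HATEOAS and Micrometer, while the CVE-2026-41838 entry at the top of this hunk (spring-websocket) carries NOTE lines pointing to README.Debian.security instead of an NFU marker, so Spring components are not uniformly out of scope. Please confirm that none of the newly matched libraries is packaged before accepting the automatic result. The label "VMware" also hides which rule entry matched; for CVE-2026-41715 and CVE-2026-41710 the truncated descriptions name no product at all, so a more specific label (the product name) would make these seven decisions easier to audit later.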


=====================================
data/packages/nfu.yaml
=====================================
@@ -673,12 +673,17 @@
       - product: Avi Load Balancer
       - product: BOSH Director
       - product: Cloud Foundry
+      - product: Micrometer
+      - product: Reactor Netty
       - product: Spring AI
       - product: Spring Boot
       - product: Spring Cloud Config
       - product: Spring Cloud Function
       - product: Spring Cloud Gateway
       - product: Spring Cloud Gateway Server Webflux
+      - product: Spring HATEOAS
+      - product: Spring LDAP
+      - product: Spring Retry
       - product: VMware Cloud Foundation
       - product: VMware ESXi
       - product: VMware NSX
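
Review bot: The five added product lines (Micrometer, Reactor Netty, Spring HATEOAS, Spring LDAP, Spring Retry) are general-purpose library names, and once listed every future CVE for them will be marked NOT-FOR-US without a human look. Nothing in the visible lines records why each is safe to skip, so a short YAML comment beside the additions stating the reason would help the next person who has to revisit the rule. Reactor Netty and Spring Retry are also not named in any entry visible in the data/CVE/list hunk, so it is worth stating in the commit message which CVEs prompted adding them.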



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87400147aa2565287a83d01f055002b45e15699f
