[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend vmware rule
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 10 11:49:48 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d58fbd01 by Moritz Muehlenhoff at 2026-06-10T12:49:23+02:00
auto-nfu: Extend vmware rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -210,43 +210,43 @@ CVE-2026-44634 (SimpleBLE is a cross-platform library and bindings for Bluetooth
CVE-2026-44505 (Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol ba ...)
NOT-FOR-US: Nimiq
CVE-2026-41837 (Spring Data REST's Querydsl integration accepts arbitrary persistent p ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41732 (JsonPulsarHeaderMapper matched type headers against trusted packages u ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41731 (JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matc ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41730 (Spring Data REST serializes the full exception cause chain into HTTP e ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41729 (Spring Data REST is vulnerable to SpEL expression injection through ma ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41728 (Spring Data REST's JSON Patch (application/json-patch+json) implementa ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41727 (Spring Kafka's retry topic infrastructure did not sufficiently validat ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41726 (When an application opts into DelegatingDeserializer, a producer can g ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41721 (Spring Data Commons contains a vulnerability that can lead to a Denial ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41719 (A SpEL Injection vulnerability exists in the Spring Data KeyValue if u ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41717 (Spring Data MongoDB contains a SpEL (Spring Expression Language) expre ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41716 (Spring Data's internal property-lookup cache accepts and permanently r ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41714 (Applications that configure their broker connection via RabbitConnecti ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41711 (Applications using Spring Data Commons may be vulnerable to a Denial o ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41706 (Spring Security's CookieRequestCache and CookieServerRequestCache stor ...)
TODO: check
CVE-2026-41701 (Correlation IDs for replies in the RabbitTemplate.sendAndReceive() wit ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41697 (Spring Data Relational does not properly escape binding values of exte ...)
TODO: check
CVE-2026-41696 (Spring Data MongoDB repository query methods annotated with @Query tha ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41695 (Spring Data Commons applications may be vulnerable to denial of servic ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41694 (Since Spring Security SAML decrypts SAML Responses as well as elements ...)
TODO: check
CVE-2026-41008 (Spring Security Authorization Server's authorization endpoint performs ...)
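Review bot: CVE-2026-41697 (Spring Data Relational) is left at "TODO: check" in this hunk even though the same commit adds "- product: Spring Data Relational" to data/packages/nfu.yaml. Either the rule did not match this entry's product metadata or the entry was skipped on purpose; please re-run the auto-nfu step or say in the commit message why it stays open. CVE-2026-41706 and CVE-2026-41694 also stay at TODO, which is consistent with the rule change, since no Spring Security product is added.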
@@ -256,7 +256,7 @@ CVE-2026-41003 (An attacker able to influence values in RelyingPartyRegistration
CVE-2026-40993 (An attacker with write permissions to the database table managed by Jd ...)
TODO: check
CVE-2026-40991 (When using spring-restdocs-webtestclient or spring-restdocs-restassure ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40988 (An application using spring-security-saml2-service-provider and the RE ...)
TODO: check
CVE-2026-3326 (The Xstore WordPress theme before 9.7.3 does not properly sanitise and ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -678,13 +678,22 @@
- product: Micrometer
- product: Reactor Netty
- product: Spring AI
+ - product: Spring AMQP
- product: Spring Boot
- product: Spring Cloud Config
- product: Spring Cloud Function
- product: Spring Cloud Gateway
- product: Spring Cloud Gateway Server Webflux
+ - product: Spring Data Commons
+ - product: Spring Data KeyValue
+ - product: Spring Data MongoDB
+ - product: Spring Data Relational
+ - product: Spring Data REST
+ - product: Spring for Apache Kafka
+ - product: Spring for Apache Pulsar
- product: Spring HATEOAS
- product: Spring LDAP
+ - product: Spring REST Docs
- product: Spring Retry
- product: VMware Cloud Foundation
- product: VMware ESXi
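Review bot: The nine product entries added here (Spring AMQP through Spring REST Docs) will cause every future CVE filed against those products to be tagged NOT-FOR-US without a manual look, and the commit message "Extend vmware rule" does not record that each was checked against the archive. Please confirm that none of them has a source package in Debian, and list the added product names in the commit message so the scope of the rule change is searchable later.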
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58fbd01641ddc4ad9c754ed3deb8b10a895cbc7