[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend vmware rule
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 12 16:54:54 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
997dd291 by Moritz Muehlenhoff at 2026-06-12T17:54:45+02:00
auto-nfu: Extend vmware rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -548,35 +548,35 @@ CVE-2026-42542 (TDengine is an open source, time-series database optimized for I
CVE-2026-42462 (Fedify is a TypeScript library for building federated server apps powe ...)
NOT-FOR-US: Fedify
CVE-2026-41856 (The Spring GraphQL annotation detection mechanism for @Controller data ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41700 (Spring for GraphQL applications that have enabled the WebSocket transp ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41699 (Spring for GraphQL applications are vulnerable to Unsafe Deserializati ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41001 (Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static ...)
NOT-FOR-US: VMware
CVE-2026-41000 (Wss4jSecurityInterceptor did not consistently wire Apache WSS4J Replay ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40999 (When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addre ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40998 (Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and S ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40997 (Several Spring WS integration paths with Spring Security could surface ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40996 (Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40995 (X509AuthenticationProvider could issue a fully authenticated X509Authe ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40994 (Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Prof ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40992 (Spring Boot's Mail auto-configuration does not enable hostname verific ...)
NOT-FOR-US: VMware
CVE-2026-40987 (A malicious or compromised FTP/SFTP/SMB server can write arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40986 (Spring Web Flow's JavaScript RemotingHandler renders the body of an er ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40985 (Applications that configure the WebFlowELExpressionParser are vulnerab ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-3553 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)
CVE-2026-3341 (IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to ...)
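Review bot: Several of the entries flipped to NOT-FOR-US here cannot be tied to a product from the visible description alone: CVE-2026-41000, CVE-2026-40999, CVE-2026-40998, CVE-2026-40996, CVE-2026-40995, CVE-2026-40994 and CVE-2026-40987 name only a class or a behaviour in the truncated text, for example "A malicious or compromised FTP/SFTP/SMB server can write arbitrary fil ...". The vendor-level tag "NOT-FOR-US: VMware" also does not record which of the four new products matched. Please confirm each of these against the product field of its CVE record before the TODO is dropped, since an entry marked NOT-FOR-US will no longer be looked at by hand.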
=====================================
data/packages/nfu.yaml
=====================================
@@ -695,10 +695,14 @@
- product: Spring Data REST
- product: Spring for Apache Kafka
- product: Spring for Apache Pulsar
+ - product: Spring for GraphQL
- product: Spring HATEOAS
+ - product: Spring Integration
- product: Spring LDAP
- product: Spring REST Docs
- product: Spring Retry
+ - product: Spring Web Flow
+ - product: Spring Web Services
- product: VMware Cloud Foundation
- product: VMware ESXi
- product: VMware NSX
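Review bot: The four added products (Spring for GraphQL, Spring Integration, Spring Web Flow, Spring Web Services) go in without any recorded rationale, and the commit message "auto-nfu: Extend vmware rule" does not say that the archive was checked for packages of them. Since the rule auto-closes every future CVE for these products, a line in the commit message stating that none of them is packaged would make the change auditable. One smaller point: the description of CVE-2026-40997 uses the short form "Spring WS" while the rule adds "Spring Web Services", so it is worth checking that the match runs on the product field and not on the description text.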
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997dd29168b8fc1a9bece9cbaf75d5b24169af5b