[Git][security-tracker-team/security-tracker][master] auto-nf: Extend Eclipse rule
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 19 14:24:22 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
27211b3c by Moritz Muehlenhoff at 2026-06-19T15:23:54+02:00
auto-nf: Extend Eclipse rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -219,7 +219,7 @@ CVE-2026-48933
CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3 does not properly validat ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DE ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of attachment ...)
NOT-FOR-US: SEPPmail
CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec library, s ...)
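Review bot: the marker added for CVE-2026-9158 reads `NOT-FOR-US: Eclipse`, which names the umbrella organisation rather than the software, whereas the SEPPmail entry just below it names the product itself. The description identifies the product as Eclipse 4diac FORTE. If the reason string emitted by the auto-nf rule can be set per product, using the product name would keep this entry findable when someone searches the list for 4diac.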
@@ -316,14 +316,14 @@ CVE-2026-48617 (A flaw in Node.js Permission Model enforcement allows Bypass via
CVE-2026-47833 (setupBpmLogs follows symlink for bpm.log open and chown \u2014 contain ...)
NOT-FOR-US: setupBpmLogs
CVE-2026-46580 (In Eclipse Theia versions prior to 1.71.0, files matching the pattern ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-44942 (A path traversal in handling the "path" component of .repo files proce ...)
- libzypp 17.38.13-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1267874
CVE-2026-44691 (In Eclipse Theia versions prior to 1.69.0, custom task definitions in ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-44688 (In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-40457 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LA ...)
NOT-FOR-US: LMS (LAN Management System)
CVE-2026-40456 (An OS Command Injection vulnerability exists in LMS (LAN Management Sy ...)
@@ -345,7 +345,7 @@ CVE-2026-2021 (The Slideshow Gallery LITE plugin for WordPress is vulnerable to
CVE-2026-28573 (In AndroidManifest.xml, there is a possible persistent denial of servi ...)
NOT-FOR-US: Android
CVE-2026-22551 (In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdo ...)
- TODO: check
+ NOT-FOR-US: Eclipse
CVE-2026-12539 (Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied o ...)
TODO: check
CVE-2026-12527 (A broken authorization boundary in the RTSP media delivery pipeline of ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -440,10 +440,12 @@
allOf:
- cna: eclipse
- anyOf:
+ - product: Eclipse 4diac
- product: Eclipse BaSyx
- product: Eclipse Cyclone DDS
- product: Eclipse Glassfish
- product: Eclipse KUKSA - Databroker
+ - product: Eclipse Theia
- product: Eclipse ThreadX
- product: Eclipse ThreadX - NetX Duo
- product: Eclipse ThreadX - USBX
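Review bot: nothing in this hunk says whether `product:` is compared as a whole string or as a prefix, and the added `Eclipse 4diac` line depends on it, since the description of CVE-2026-9158 calls the software "Eclipse 4diac FORTE". The separate entries for `Eclipse ThreadX`, `Eclipse ThreadX - NetX Duo` and `Eclipse ThreadX - USBX` suggest whole-string comparison, so please confirm that the CNA record's product field is exactly `Eclipse 4diac`, and add the longer name as its own entry if the CNA uses both.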
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27211b3c564f3a7409207a97a5d0378b13f43fa2