[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend vmware rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Mar 18 09:59:11 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51e7af15 by Moritz Muehlenhoff at 2026-03-18T10:58:45+01:00
auto-nfu: Extend vmware rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -126,11 +126,11 @@ CVE-2026-26001 (The GLPI Inventory Plugin handles network discovery, inventory,
 CVE-2026-25937 (GLPI is a free Asset and IT management software package. Starting in v ...)
 	- glpi <removed>
 CVE-2026-22730 (A critical SQL injection vulnerability in Spring AI's MariaDBFilterExp ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-22729 (A JSONPath injection vulnerability in Spring AI's AbstractFilterExpres ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-22727 (Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 a ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-22323 (A CSRF vulnerability in the Link Aggregation configuration interface a ...)
 	NOT-FOR-US: Phoenix Contact
 CVE-2026-22322 (A stored cross\u2011site scripting (XSS) vulnerability in the Link Agg ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -600,6 +600,8 @@
     - cna: vmware
     - anyOf:
       - product: Avi Load Balancer
+      - product: Cloud Foundry
+      - product: Spring AI
       - product: Spring Boot
       - product: Spring Cloud Gateway Server Webflux
       - product: VMware Cloud Foundation



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51e7af15defdd05c3488176d62239ad3ae3b26e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51e7af15defdd05c3488176d62239ad3ae3b26e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260318/347af475/attachment.htm>

More information about the debian-security-tracker-commits mailing list