[Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add another product for the Apache CNA rule

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 2 09:38:55 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf0a9d09 by Salvatore Bonaccorso at 2026-05-02T10:38:39+02:00
auto-nfu: Add another product for the Apache CNA rule

- - - - -
50f3f117 by Salvatore Bonaccorso at 2026-05-02T10:38:39+02:00
Process some new NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -202,11 +202,11 @@ CVE-2026-42468 (Buffer overflow vulnerability in Open Vehicle Monitoring System
 CVE-2026-42467 (An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e ...)
 	NOT-FOR-US: Open-SAE-J1939
 CVE-2026-42404 (Apache Neethi does not impose any restrictions on URIs when manually f ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42403 (Apache Neethi does not properly detect circular references in policy d ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42402 (Apache Neethi is vulnerable to a Denial of Service attack through algo ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40201 (@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows store ...)
 	NOT-FOR-US: diplodoc/search-extension
 CVE-2026-3772 (The WP Editor plugin for WordPress is vulnerable to Cross-Site Request ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -344,6 +344,7 @@
       - product: Apache Kyuubi
       - product: Apache Livy
       - product: Apache Mynewt NimBLE
+      - product: Apache Neethi
       - product: Apache NiFi
       - product: Apache NimBLE
       - product: Apache NuttX RTOS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc4f9e2f08e99701f9b776c5418f8b2150a5252e...50f3f117fe95697ef241a3b23c98a07c68e22f97

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cc4f9e2f08e99701f9b776c5418f8b2150a5252e...50f3f117fe95697ef241a3b23c98a07c68e22f97
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260502/9c59b012/attachment.htm>

More information about the debian-security-tracker-commits mailing list