[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15a7ee5e by Moritz Muehlenhoff at 2026-05-05T10:30:42+02:00
auto-nfu: Extend Apache rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -126,13 +126,13 @@ CVE-2026-44028 (An issue was discovered in Nix before 2.34.7 and Lix before 2.95
 CVE-2026-43616 (Detect-It-Easy prior to 3.21 contains a path traversal vulnerability t ...)
 	NOT-FOR-US: Detect-It-Easy
 CVE-2026-42812 (In Apache Iceberg, the table's metadata files are control files: they  ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42811 (In plain terms, Apache Polaris is supposed to issue short-lived GCS cr ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42810 (Apache Polaris accepts literal `*` characters in namespace and table n ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42809 (Apache Polaris can issue broad temporary ("vended") storage credential ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42796 (Arelle before 2.39.10 contains an unauthenticated remote code executio ...)
 	TODO: check
 CVE-2026-42440 (OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -351,6 +351,7 @@
       - product: Apache OFBiz
       - product: Apache OpenMeetings
       - product: Apache OpenOffice
+      - product: Apache Polaris
       - product: Apache Ranger
       - product: Apache SIS
       - product: Apache Seata (incubating)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15a7ee5e3e764f43835d76bb7aa55a719f792b61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15a7ee5e3e764f43835d76bb7aa55a719f792b61
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/e88162ca/attachment-0001.htm>