[Git][security-tracker-team/security-tracker][master] auto-nfu: Extend nvidia rule

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 20 08:56:40 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bcbcd71c by Moritz Muehlenhoff at 2026-05-20T09:56:31+02:00
auto-nfu: Extend nvidia rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -368,11 +368,11 @@ CVE-2026-24207 (NVIDIA Triton Inference Server contains a vulnerability where an
 CVE-2026-24206 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
 	NOT-FOR-US: NVIDIA
 CVE-2026-24163 (NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testin ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24160 (NVIDIA TRT-LLM for any platform contains a vulnerability where an atta ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24142 (NVIDIA TRT-LLM for any platform contains a deserialization vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-70950 (An issue in gohttp commit 34ea51 allows attackers to execute a directo ...)
 	TODO: check
 CVE-2025-61081 (In BYD Atto3, an attacker can obtain an authentication key through Bru ...)
@@ -392,7 +392,7 @@ CVE-2025-40901 (A Stored HTML Injection vulnerability was discovered in the Cred
 CVE-2025-40900 (An Angular template injection vulnerability was discovered in the Repo ...)
 	TODO: check
 CVE-2025-33255 (NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-15645 (Ledger Nano X, Flex, and Stax devices contain a denial of service vuln ...)
 	TODO: check
 CVE-2025-15369 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -559,6 +559,7 @@
       - product: Resiliency Extension
       - product: RunAI
       - product: TAO
+      - product: TensorRT-LLM
       - product: Triton Inference Server
 - reason: Oracle
   allOf:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcbcd71ca4aa4dfeb5d77e0d1328df0bffd2b2b4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcbcd71ca4aa4dfeb5d77e0d1328df0bffd2b2b4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/2be89d66/attachment.htm>

More information about the debian-security-tracker-commits mailing list