Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
693cbad1 by Moritz Muehlenhoff at 2026-06-24T20:37:42+02:00
auto-nfu: Add rule for Grafana

src:grafana was never part of a stable release and has been removed for
eight years now.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1401,7 +1401,7 @@ CVE-2026-44913 (Improper escaping of database table names 
in the CaptureChangeMy
 CVE-2026-44911 (Authorization handling for component configuration 
verification reques ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a 
path trav ...)
-       TODO: check
+       NOT-FOR-US: Grafana Labs
 CVE-2026-42127 (The public dashboard query endpoint does not limit request 
body size b ...)
        TODO: check
 CVE-2026-41049 (Incorrect caching of authentication between different users of 
the qSn ...)
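
Review bot: CVE-2026-42127, in the trailing context directly below the changed entry, is left at "TODO: check" even though this commit is meant to triage Grafana entries automatically. If that CVE is also a GRAFANA CNA record, confirm why the new rule did not match it (for example a product string other than "Grafana OSS"), then either triage it in this hunk or extend the rule's product list so the next auto-nfu run catches it.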
@@ -1458,7 +1458,7 @@ CVE-2026-10845 (IBM WebSphere Application Server 8.5 and 
9.0could allow a remote
 CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with 
Autodesk Fu ...)
        NOT-FOR-US: Autodesk
 CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP 
requests  ...)
-       TODO: check
+       NOT-FOR-US: Grafana Labs
 CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due 
to an im ...)
        NOT-FOR-US: IBM
 CVE-2025-66389 (GitHub Copilot 1.372.0 allows filesystem access outside of a 
workspace ...)
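
Review bot: "NOT-FOR-US: Grafana Labs" on CVE-2026-10601 reads as "never packaged", while the commit message says src:grafana did exist in the archive before it was removed. Consider whether a package entry marked as removed would describe the state more accurately than NOT-FOR-US. If NOT-FOR-US is intended, a reason string along the lines of the neighbouring "Apache software not packaged in Debian" would make that explicit in the list itself rather than only in the commit message.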


=====================================
data/packages/nfu.yaml
=====================================
@@ -491,6 +491,11 @@
     - cna: Google
     - anyOf:
       - product: Gemini
+- reason: Grafana Labs
+  allOf:
+    - cna: GRAFANA
+    - anyOf:
+      - product: Grafana OSS
 - reason: Hashicorp products not packaged in Debian
   allOf:
     - cna: HashiCorp
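
Review bot: The reason "Grafana Labs" names the whole vendor, but the rule only matches "product: Grafana OSS" under "cna: GRAFANA", so any other product string from that CNA stays at TODO. The two CVEs retagged in data/CVE/list describe the Loki and Tempo datasource plugins, so it is worth checking that their CNA records really carry the product "Grafana OSS" and listing any further product names in the anyOf block. The rationale from the commit message (never in a stable release, removed for eight years) would also be useful as a YAML comment above the rule, since the reason field alone does not say why the vendor is out of scope.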



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/693cbad1f22e3a561761da0f0854c484e44ac4f0


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
