Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
693cbad1 by Moritz Muehlenhoff at 2026-06-24T20:37:42+02:00
auto-nfu: Add rule for Grafana
src:grafana was never part of a stable release and has been removed for
eight years now.
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -1401,7 +1401,7 @@ CVE-2026-44913 (Improper escaping of database table names
in the CaptureChangeMy
CVE-2026-44911 (Authorization handling for component configuration
verification reques ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a
path trav ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs
CVE-2026-42127 (The public dashboard query endpoint does not limit request
body size b ...)
TODO: check
CVE-2026-41049 (Incorrect caching of authentication between different users of
the qSn ...)
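Review bot: CVE-2026-42127, directly below the changed entry in this hunk, is left at "TODO: check" while CVE-2026-42129 is closed as NOT-FOR-US. Its truncated description ("The public dashboard query endpoint does not limit request body size") does not name the product, so it is worth confirming whether it comes from the same CNA. If it does, the new rule did not match it, most likely because its product string is something other than "Grafana OSS", and the anyOf list in nfu.yaml needs another entry. If it does not, no change is needed here.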
@@ -1458,7 +1458,7 @@ CVE-2026-10845 (IBM WebSphere Application Server 8.5 and
9.0could allow a remote
CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with
Autodesk Fu ...)
NOT-FOR-US: Autodesk
CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP
requests ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs
CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due
to an im ...)
NOT-FOR-US: IBM
CVE-2025-66389 (GitHub Copilot 1.372.0 allows filesystem access outside of a
workspace ...)
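Review bot: The CVE-2026-10601 entry describes "The Tempo and Loki datasource plugins", but the justification in the commit message covers only src:grafana. Before closing it with the blanket reason, confirm that the affected code is the datasource plugin shipped inside Grafana itself and not a Loki or Tempo component that could be packaged separately. If the auto-nfu rule matched only on the CNA and the product "Grafana OSS", that distinction was never checked for this entry.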
=====================================
data/packages/nfu.yaml
=====================================
@@ -491,6 +491,11 @@
- cna: Google
- anyOf:
- product: Gemini
+- reason: Grafana Labs
+ allOf:
+ - cna: GRAFANA
+ - anyOf:
+ - product: Grafana OSS
- reason: Hashicorp products not packaged in Debian
allOf:
- cna: HashiCorp
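Review bot: The new rule at "- reason: Grafana Labs" records only a vendor name, and the rationale (src:grafana never in a stable release, removed for eight years) lives only in the commit message. Because this rule will keep classifying future CVEs from this CNA automatically, put that rationale in a YAML comment above the rule so it gets revisited if grafana is ever reintroduced to the archive. Consider also a reason in the style of the neighbouring rule, "Hashicorp products not packaged in Debian", which states why the entry is not for us and not just who the vendor is. The single-entry anyOf with "product: Grafana OSS" is consistent with the Gemini rule above, but it means any other product name used by the same CNA will still land as "TODO: check".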
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/693cbad1f22e3a561761da0f0854c484e44ac4f0
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits