advisories: add advisories for aws-signing-helper

- One advisory also apply to nvidia-k8s-device-plugin.

Signed-off-by: Yutong Sun <[email protected]>

Author: ytsssun

advisories/staging/BRSA-leg349bma1kc.toml

@@ -0,0 +1,17 @@
+[advisory]
+id = "BRSA-leg349bma1kc"
+title = "aws-signing-helper CVE-2025-22870"
+cve = "CVE-2025-22870"
+severity = "moderate"
+description = "A flaw was found in aws-signing-helper dependency x/net, where proxy pattern matching can improperly treat an IPv6 zone ID as a hostname component."
+
+[[advisory.products]]
+package-name = "aws-signing-helper"
+patched-version = "1.6.0"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yutongsu"
+issue-date = 2025-05-15T23:45:19Z
+arches = ["aarch64", "x86_64"]
+version = "staging"

advisories/staging/BRSA-newyz3jucdu5.toml

@@ -0,0 +1,22 @@
+[advisory]
+id = "BRSA-newyz3jucdu5"
+title = "aws-signing-helper, nvidia-k8s-device-plugin CVE-2024-45338"
+cve = "CVE-2024-45338"
+severity = "moderate"
+description = "A flaw was found in aws-signing-helper and nvidia-k8s-device-plugin dependency x/net which could lead to a denial of service."
+
+[[advisory.products]]
+package-name = "aws-signing-helper"
+patched-version = "1.6.0"
+patched-epoch = "1"
+
+[[advisory.products]]
+package-name = "nvidia-k8s-device-plugin"
+patched-version = "0.17.1"
+patched-epoch = "1"
+
+[updateinfo]
+author = "yutongsu"
+issue-date = 2025-05-15T23:52:10Z
+arches = ["x86_64", "aarch64"]
+version = "staging"